Feature Request

Hello, since it is not possible to access a DVLS if the first two numbers of the version do not match, I would like to suggest the following: When using a DVLS, there should be an option to define in RDM the maximum version for the first two numbers. Example: DVLS is at 2025.3.x RDM is at version 2025.3.x. If RDM is offline, it is offered version 2026.1.x as an update. This must be prevented. When an RDM connects to DVLS, the version number 2025.3.x has to be transmitted and stored. RDM should then only accept update versions 2025.3.x. Only when DVLS is updated to 2026.1 and RDM connects the next time should it receive the new version number and from then on be allowed to install any 2026.1.x version. A 2026.2.x version should also only be offered once the server runs that version. Since we run our DVLS in a highly secure environment, users only connect to the environment and DVLS via VPN from time to time. RDM therefore always starts offline. In our case, offline vaults are only retained for 7 days. Best regards Andreas

I see there is already an operator for syncing Devolutions Server credentials as Kubernetes secrets: https://github.com/Devolutions/dvls-kubernetes-operator I think another fantastic approach would be to integrate with the External Secrets Operator: https://external-secrets.io/ It has support for a number of other credential vaults and I would love to see Devolutions Server support.

Now that there is a docker deployment for the Devolutions Server, it would be great if there was documentation provided on how to deploy the container in a kubernetes deployment (and even providing a Helm chart would be great). This would help my team as we are wanting to put the Devolutions Server in kubernetes, however there is uneasiness about there being no official documentation on achieving this, thus there are questions regarding vendor support. Thanks

Hello all, Following a chat with support, it was suggested to create a feature request. This is something that you do with the Business Hub solution. Having an option where entries in a vault are "locked" behind some added security measure. In a SSO environment, using the DVLS Workspace, every entry stored in a vault (user or shared) is available. In some cases, mostly dealing with highly confidential credentials, we think it would be important to have an extra security step. Whether it's asking for the user password again, expiring/refreshing the MFA token or using a pin code. Thanks,

Hello everyone, Here is the scenario: A user has 2 groups, which gives access to multiple vaults. He is set up as a default user (with write privileges, but without admin-rights). Group 1 has 1 vault assigned, this is the vault where import/export is enabled Group 2 has 5 vaults assigned, here import/export is disabled Unfortunately, when the user has the right to import/export from Group 1, these rights are also ENABLED for Group 2 and their respective vaults, which should not be the case. At the moment this is a system wide permission, which does not account for the fact, that the user should only be allowed to export/import in one group, but not the other. We would like to propose a change to this behavior: the system wide permission is fine, but there should be an additional option to enable import/export limited to a specific vault, so that users have the possibility to import/export (into) one vault, but not the other. At the moment, we use the workaround to set them as vault owners, but this gives users privileges, that they should not necessarily have. Please let me know, if further information is needed. Thank you very much in advance.

Hello We want to use the dynmic IP List feature. While it's working fine in RDM for Windows, RDM Web does not show any entries: [image] Thank you for fixing. Best regards, John

Hello, Would be handy if expired entries list would also contain the vault folder structure for easier entry identification. This field should also be visible in the scheduled report. BR VP

As a System Owner I want to show only the domain SSO login option when domain SSO is enabled so that I don't confuse my users by being forced to show domain login and domain SSO login options on the authentication page. When domain SSO is enabled, the SSO and regular domain authentication options are displayed. [image]

Hello, I would like to request a small feature: Can you please make Devolutions Gateway compatible with windows certificate store? It would be great if it could be enough to renew the windows certificate and DVG would simply use it, much like IIS does, without having to do an expert (no matter if manual or powershell). Thank you

Hi! When you open the Entry security analyzer report with the Show compromised password (pwned) option, the list takes a long time to load because DVLS seems to query api.pwnedpasswords.com for each password sequentially. It's the same in RDM with the Password analyzer. I think this could be optimized. API calls could parallelized, if they are not already. Hashes could be cached for some time, so you wouldn't need to wait for the whole list to load every time you change the filter or switch pages. The query could run in the background and populate the pwned-status field of each entry as they come in, instead of the whole GUI becoming unusable for a long time. You can even download all password hashes and query them offline: https://haveibeenpwned.com/api/v3#PwnedPasswordsDownload Thank you!

Hi there I see the following added a while back: "Allow any additional hosts with Devolutions Gateway" option in website connection settings" This is a great option yet only configurable via RDM - I expect/hope that while the option can only be enabled via RDM, it actually works via Launcher as well. Please make the option available to be configured via Web, so it can be used with Launcher as well. Thank you

Hi, inside the RDM the Entry Security Analyzer has much more fields than inside DVLS. Could you please improve the report in DVLS? Would be great to define by our own which fields are shown. We miss the status for an entry for example. Regards, Ingo

Can we please get a sort priority option for vaults?

Could we have options to run Synchrnoizers that are scheduled from DVLS more than 1/day. I'd like to see an option for every X hrs starting at specified time. So you could say every 4hrs starting at midnight or something along those lines. My biggest complaint is from users who are building new servers and want the VMRC console before it syncronizes, which is running as a background job on my RDM instance, because the server-side scheduler has a bug that creates duplicates every time it has run. I've trained them to use the vmware dashboard and to connect that way for now. Thanks!

The ability to select the folder to use for credentials is not available in the Web UI Can this be added? [image] [image]

Hi there Is there a way for getting notified by the action "Entry Export"? We have only a few admins which are allowed to export entries, but it would be nice when there is a way to get notified on entry export action. Thank you.

First off, I apologize if this is in the wrong location! I've been reviewing the Ansible module and I think it's great, but I would also love a lookup plugin for fetching credentials so that I wouldn't have to necessarily fetch credentials in a task in a playbook. Here is another product that does this: https://galaxy.ansible.com/ui/repo/published/delinea/ss/docs/tss/ The advantage of this is I could have the lookups directly in inventory and group variables and then could expose the vault ID, URL, API key, etc via variables. The Delinea example is a little messy and I'm sure there's a better way to do it.

We have recently implemented windows hello for business to limit the needs for passwords. Unfortunately, Devolutions Server Browser Extension doesn't accept the PIN, and we have to still use our password. We would like to see Devolutions Team implement this if possible as this will help from a security aspect as more companies look at going to a passwordless approach. Thank You

RDM has the ability to restore deleted items, but it only appears to show items that you've deleted, rather than items right across the vault that could have been deleted by other users - refer https://forum.devolutions.net/topics/8635/recycling-bin-for-deleted-objects Would be good to have a similar feature for DVLS so we can undelete things other people have deleted.

Hello, I am currently setting up our Devolutions Server and would be very happy if the current YubiKey method would be extended by Passkey support, to enable real passwordless login. This would greatly increase security and user-friendliness. I can already use the function in my Devolutions Online account and I am delighted with it. Is this function perhaps already on the roadmap? Thank you and best regards 😊

I'm doing documentation for DR scenarios, and I can't find any information about how to regain access to an on-prem Devolutions Server instance if all admin accounts become inaccessible. I see the "Emergency procedure" on the page below, but that only addresses the case where a break glass account is accessible. Is there any method of recovering access if no account is accessible? Such as through SQL or through the OS? https://docs.devolutions.net/server/kb/knowledge-base/console-command-line-interface/ Thanks

I would like that SAML 2.0 or OIDC as an authentication method. We would like to use Onelogin as authenticator.

We are actually using RDM with Azure SQL Datasource and are evaluating the migration to Devolutions Server Datasource. I noticed that in Devolution Server Datasource the "Generate" Button does not exist. There is only the "Password generator". It would be nice to have that button also with Devolution Server Datasource. Regards [image] [image]

I would like to be able to manage temporary access via the API (or alternatively Powershell), so we can automate and integrate this with our ticketing system (and other internal systems). Right now we have a webhook setup that will create a ticket, but we need to manually manage the access via RDM or other places. We want to automate this.

Good day Devolutions, We are trying to create a report for management, and for that reason we would like to include the information about the assigned licenses - per user. At the moment the license data is stored in the "Assigned" column in dbo.UserSecurity table, but it is encrypted.. Could you please make a solution so that we can display the assigned licenses information?