Online Help > Management




Devolutions Password Server supports multiple authentication modes.


Devolutions Password Server configuration - Authentication section

Devolutions Password Server configuration - Authentication section




Authentication Modes



Authenticate with domain user

Users authenticate using their domain account.

Authenticate with database user

Users authenticate using an SQL Server database login.

Authenticate with Office365 user

AzureAD is used to authenticate the user.

Authenticate with local machine user

Users authenticate using their local machine account.

Authenticate with Devolutions Password Server custom user

Users authenticate with a Devolutions Password Server custom account. The initial user must be created using the Devolutions Password Server console.


Windows Authentication

Enable Windows Authentication

The application will use the current Windows authenticated user to authenticate to the Devolutions Password Server instance.


Automatic User Account Creation


When using authentication modes other then Active Directory, user accounts must be created beforehand in order to grant access to the system.


When you are using Active Directory authentication, two choices are offered to you:


1.Create the user accounts manually, just as with the other authentication modes



2.Enable Automatic Account Creation, and let Devolutions Password Server create user accounts as soon as they are authenticated by the domain the instance is linked to.


After the account is created, rights and permissions are assigned either manually to the user account, or through membership in AD groups for which you have created a role mapping.



User accounts created by the server have no rights other then logging on the system. They will be able to see and edit the resources that have no security defined. You must ensure that all entries are protected. This is achieved easily by setting all permissions of the Root settings to Never.


Depending on the authentication mode used, the user name may be prefixed by the domain name, and the exact naming convention is controlled by the domain. For instance, for a WINDJAMMER domain that is registered as windjammer.loc, we have no way of knowing beforehand what form will be reported by the AD services. It is recommended to always enable both Devolutions Password Server authentication initially and create an Administrator account for the initial phase of implementation.