


The domain is used to authenticate the user. This is the most secure and flexible option, and the easiest to manage. There is no need to sync users between the domain and Devolutions Password Server. On first use of the Devolutions Password Server data source, the user will be created and given access rights according to their role in the organization as defined on the domain. You simply need to grant the appropriate permissions to your roles in Devolutions Password Server. Upon authentication, we validate the AD groups to which the user belongs, and for each group that has a corresponding role we grant that role's permissions to the user.

Authentication - Configure Domain



Domain Authentication




Specify the remote computer domain name.


Specify the Active Directory Organizational Unit (OU) or Group to restrict the search to a specific area of the Active Directory structure. The value must be a distinguished name, for example CN=Users,DC=windjammer,DC=loc.
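An added example, not part of the Devolutions documentation or product code: a Python check that a filter value is a well-formed distinguished name and that a given user DN lies under it. It assumes subtree semantics for an OU filter; the function names are hypothetical and the sample user DNs are constructed around the page's windjammer.loc example.

```python
# Added illustration: validate an OU filter DN and test subtree containment.
# Simplifications: multi-valued RDNs ("+") and hex escapes are not normalised.

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs, keeping backslash escapes intact
    so an escaped comma inside a value does not start a new RDN."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]      # escape pair stays inside the value
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(current)
            current = ""
        else:
            current += dn[i]
        i += 1
    rdns.append(current)
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"not a distinguished name component: {rdn!r}")
        # AD compares attribute names and values case-insensitively.
        pairs.append((attr.strip().upper(), value.strip().lower()))
    return pairs

def is_under_base(entry_dn, base_dn):
    """True when entry_dn is the base itself or lies in the subtree below it."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def dns_domain(dn):
    """Join the DC components into a DNS name to compare with the domain field."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "DC")

if __name__ == "__main__":
    base = "CN=Users,DC=windjammer,DC=loc"   # filter value from the page
    samples = [                              # constructed user DNs
        "CN=Bill,CN=Users,DC=windjammer,DC=loc",
        "cn=Smith\\, Bill, cn=users, dc=WINDJAMMER, dc=loc",
        "CN=Bill,OU=Sales,DC=windjammer,DC=loc",
        "CN=Eve,OU=Temp\\,CN=Users,DC=windjammer,DC=loc",  # comma is in the OU name
    ]
    print("domain:", dns_domain(base))
    for dn in samples:
        print(is_under_base(dn, base), dn)
```

The last sample shows why the comparison is done on parsed components: a plain string suffix match would treat an OU whose name contains an escaped comma as if it were inside CN=Users.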

Administration credentials

Add the credentials of a domain or service account to access the Active Directory forest and obtain user account information through LDAP queries. This is needed when the server hosting the instance is not located on the domain. This account needs to be a member of the Account Operators AD group in order to have enough permissions to retrieve user account information and group memberships.

Allow logins using email address

Allow users to use their email address to connect to the Devolutions Password Server instance. The email address field must be filled in the User Management.




Enable LDAPS

Enable LDAP over SSL (LDAPS) communication.


Default: LDAPS default communication port.

Custom: Set a specific port value.

Multi Domain (Disabled)


The Multi Domain feature requires the Devolutions Password Server Platinum Edition license. Currently, it only works with trusted domains that belong to the same AD forest.



Multi domain

Enable the Multi domain feature.

Trusted domains

Add your trusted domains.

Automatic User Creation



Auto create domain users in database

Automatically create the domain user account in the database on the first login attempt.

Create read-only user

When this option is enabled, the user account will be created as a read-only user type account.

Default Vault

Gives the user access to that Vault.

Only from this AD group

Automatically creates the user only if they are a member of this AD group.

Username Format

Select the username format that will be created in the database.

UPN: The user will be created using the UPN format, e.g. bill@windjammer.loc.

NetBios: The user will be created using the NetBios format, e.g. WINDJAMMER\bill.

Username: The user will be created using the SAM account name.

Domain Users and Roles Cache



Enable domain cache feature

Activate the domain cache feature.

Update users and groups data every:

Set the interval, in hours and minutes, at which the Domain Users and Roles Cache is refreshed. When enabled, the default value is 30 minutes.