Online Help > Management > Devolutions Password Server Console > Devolutions Password Server Settings > Authentication

Domain

Description

 

The domain is used to authenticate the user. This is the most secure, flexible and easiest to manage. No need to sync users between the domain and Devolutions Password Server. On first use of the Devolutions Password Server data source, the user will be created and be given access rights according to their role in the organization as defined on the domain. You simply need to grant appropriate permissions to your roles in Devolutions Password Server, upon authentication we will validate the AD groups to which the user belongs, and for any that have a corresponding role we will grant the permissions to the user.

 

Domain tab

Domain tab

 

Settings

 

Domain Authentication

OPTION

DESCRIPTION

Domain

Specify the remote computer domain name.

Administration credentials

Add the credentials of a domain or service account to access the Active Directory forest and obtain user account information through LDAP queries. This is needed when the server hosting the instance is not located on the domain. This account needs to be a member of the Account Operators AD group in order to have enough permissions to retrieve user account information and group memberships.

Allow logins using email address

Allow users to use their email address to connect to the Devolutions Password Server instance. The email address field must be filled in the User Management.

Use nested AD group

Use the Active Directory group configured in the parent AD Group.

 

LDAPS

OPTION

DESCRIPTION

Enable LDAPS

Enable the LDAP over SSL communication.

Default

LDAPS default communication port.

Port

Set a specific port value.

 

Automatic User Creation

OPTION

DESCRIPTION

Auto create domain users in database

Automatically create the domain user account in the the database on the first login attempt.

Create read-only user

When this option is enabled, the user account will be created as a Read only user type account.

Default repository

Will give access to that repository to the user.

Only from this AD group

Will create automatically the user only if he is a member of this AD group.

Username Format

Select the username format that will be created in the database.

UPN : The user will be created using the UPN format ex: bill@windjammer.loc.

NetBios : The user will be created using the NetBios format ex: WINDJAMMER\bill.

Username : The user will be created using the SAM account name.

 

Multi Domain

BadgeCaution48x48

The Multi Domain feature requires the Devolutions Password Server Platinum Edition license. Currently, it is only working with trusted domains that belong to the same AD Forest.

 

OPTION

DESCRIPTION

Multi domain

Enable the Multi domain feature

Trusted domains

Add your trusted domains.

 

Domain Users And Roles Cache

OPTION

DESCRIPTION

Enable domain cache feature

Activate the domain cache feature.

Update users and groups data every:

Set the hours and minutes period that the Domain Users and Roles Cache will be refreshed. When enable, the default value is set to 30 minutes.