Devolutions Hub Business continues to evolve, with recent updates making it more adaptable to complex enterprise environments. One significant addition is support for Custom PAM providers, a feature that was previously available only in Devolutions Server.

This update extends the flexibility of Devolutions Hub's privileged access management (PAM) capabilities, enabling organizations to integrate their own identity systems through a set of customizable PowerShell scripts.

Expanding PAM identity integration options

While Devolutions Hub Business has long offered secure and centralized credential management, identity integration was previously limited to standard providers. For organizations with non-standard or proprietary identity systems, this created a gap in compatibility.

By introducing Custom PAM provider support, Devolutions Hub Business now addresses that gap, enabling broader support for diverse environments without compromising security or operational control.

How it works

At the core of this integration are PowerShell scripts that handle critical lifecycle events for accounts managed by PAM. These scripts provide administrators with full control to define custom logic for each stage of the account management process:

• Account discovery enables the identification and onboarding of privileged accounts from external systems or directories. This ensures that all relevant credentials are brought under management, regardless of their origin.
• Password rotation is fully automated, occurring either on use or on a defined schedule. This allows organizations to enforce internal password policies and eliminate the risks associated with manual updates.
• Heartbeat monitoring continuously validates the health and accessibility of credentials, making sure Devolutions Hub always has the right credential.
• Propagation ensures that any credential updates are reliably distributed across all connected systems and services, maintaining synchronization and consistency.

Each of these steps can be customized using PowerShell, offering a flexible and extensible framework for integration. These scripts are configured directly within the Devolutions Hub interface, allowing administrators to manage account lifecycles without relying on other tools.

Use case example: Azure Key Vault integration

A concrete example of how custom identity providers work is our integration with Azure Key Vault. This open-source provider, available on our GitHub page, illustrates how a cloud-native secrets management service can be integrated into Devolutions Hub Business using custom PowerShell scripts.

Through this integration, administrators can manage the full lifecycle of secrets stored in Azure Key Vault within Hub Business. Secrets can be discovered and onboarded efficiently, ensuring that critical credentials are brought under centralized control. Automated rotation ensures compliance with internal policies without requiring manual updates. Heartbeat checks provide ongoing validation that secrets remain accessible and accurate, while propagation mechanisms ensure that any updates are reflected consistently across connected systems. It also serves as a template for building similar providers for other systems.

Final thoughts

Custom PAM provider support marks another step in making Devolutions Hub Business a more adaptable and business-ready solution. By extending PAM capabilities through scripting, IT teams gain the flexibility to tailor security processes without compromising ease of use or control.

Whether you're operating in a tightly regulated industry or managing a complex IT ecosystem, custom PAM provider support gives you more options to integrate privileged access workflows in a way that matches your environment. If you'd like to try it out, contact our sales team at sales@devolutions.net to request a trial PAM license.