4 results found

1. Streamlined Microsoft Entra ID Authentication with Role-Based Login Interface

   As an IT professional using PRTG in a Microsoft Entra ID environment, I want a consistent and intuitive login experience that automatically recognizes my authentication method and user role, so that I can quickly access the monitoring system without confusion about which login option to use.

   Specifically, I need the system to remove separate sign-in and use consistent SSO for Entra users and tenant owners. It's confusing for users to enter their email instead of clicking the blue "Sign-in with Microsoft Button". Or change the login page to have a separate button for system administrator's vs users.

   2 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Delete…  ·  Admin →
   Declined  ·  AdminIsidora Jeremic (Admin, Paessler) responded

   Hi there,

   Thank you again for submitting your idea to Paessler. We appreciate your perspective on streamlining the authentication process.

   
   

   After careful consideration, we've decided not to implement this specific feature request at this time for the following reasons:

   
   

   1. Planned SSO improvements: We're currently working on broader enhancements to our SSO login experience that will address authentication workflows more comprehensively.
   2. Failback authentication requirement: While we understand your desire for a single, streamlined login option, maintaining multiple authentication methods is essential for system reliability. If SSO connectivity is interrupted or Microsoft services experience downtime, alternative login options ensure that administrators and users can still access PRTG without disruption. This redundancy is a critical safeguard for business continuity.

   
   

   While this particular idea won't be moving forward, please don't be discouraged! Your input is incredibly valuable, and we encourage you to continue sharing your thoughts and ideas with us.

   Thanks for your understanding and for helping us shape the future of Paessler.

   
   

   Best regards,

   The Paessler Product Team

   Hi there,

   Thank you again for submitting your idea to Paessler. We appreciate your perspective on streamlining the authentication process.

   
   

   After careful consideration, we've decided not to implement this specific feature request at this time for the following reasons:

   
   

   1. Planned SSO improvements: We're currently working on broader enhancements to our SSO login experience that will address authentication workflows more comprehensively.
   2. Failback authentication requirement: While we understand your desire for a single, streamlined login option, maintaining multiple authentication methods is essential for system reliability. If SSO connectivity is interrupted or Microsoft services experience downtime, alternative login options ensure that administrators and users can still access PRTG without disruption. This redundancy is a critical safeguard for business continuity.

   
   

   While this particular idea won't be moving forward, please don't be discouraged! Your input is incredibly valuable, and we encourage you to continue sharing your thoughts and ideas with us.

   Thanks for your understanding… more

2. Support for Two-Factor Authentication (2FA) in PRTG On-Premise

   As an IT Infrastructure Manager responsible for security and compliance, I want to enforce Two-Factor Authentication (2FA) for all users accessing the PRTG On-Premise web interface,

   At the moment, PRTG On-Premise only supports password-based authentication. Given today’s security requirements and compliance standards, 2FA has become essential for protecting administrative interfaces and monitoring systems. Since PRTG contains critical infrastructure information, enhanced login security is necessary in many environments.

   Requested Feature:
   Please add support for Two-Factor Authentication (2FA) for PRTG On-Premise, ideally with multiple methods such as:
   - TOTP apps (Google Authenticator, Microsoft Authenticator, etc.)
   - Hardware tokens (FIDO2, YubiKey)
   - SMS or email codes (optional)

   Use Case / Reasoning:
   - Strengthens the overall security of the monitoring environment
   - Helps meet modern cybersecurity and compliance requirements
   - Prevents unauthorized access even if passwords are compromised
   - Aligns PRTG On-Premise with current industry standards for authentication

   Support for 2FA would significantly enhance the security posture of PRTG installations, especially in larger or regulated environments.

   As an IT Infrastructure Manager responsible for security and compliance, I want to enforce Two-Factor Authentication (2FA) for all users accessing the PRTG On-Premise web interface,

   At the moment, PRTG On-Premise only supports password-based authentication. Given today’s security requirements and compliance standards, 2FA has become essential for protecting administrative interfaces and monitoring systems. Since PRTG contains critical infrastructure information, enhanced login security is necessary in many environments.

   Requested Feature:
   Please add support for Two-Factor Authentication (2FA) for PRTG On-Premise, ideally with multiple methods such as:
   - TOTP apps (Google Authenticator, Microsoft Authenticator, etc.)
   - Hardware tokens (FIDO2, YubiKey)
   - SMS… more

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Delete…  ·  Admin →
   Declined  ·  AdminIsidora Jeremic (Admin, Paessler) responded

   Hi Yannik,

   Thank you again for submitting your idea to Paessler. We truly appreciate you taking the time to share your feedback.

   Please note that MFA is already available through SSO (Okta and Microsoft Entra ID) options:

   How can I enable Microsoft Entra ID multifactor authentication? | Paessler Knowledge Base

   How can I enable Okta multifactor authentication? | Paessler Knowledge Base

   Beside that, the following workarounds are possible:

   Since PRTG supports SAML 2.0, you can effectively use any compatible Identity Provider to enforce MFA:

   • Keycloak (Open Source): Host your own free Identity Provider. It connects to your Active Directory and forces users to use TOTP (Google Authenticator) or hardware keys before passing them to PRTG.
   • AD FS (Active Directory Federation Services): Use your existing Windows Server infrastructure to act as the SAML provider. You can configure AD FS to require certificates or smart cards.
   • Duo SSO: Use Duo's native Single Sign-On feature as the SAML provider. This adds the "Duo Push" requirement directly to the PRTG login flow.
   • Reverse Proxy (Authelia/Authentik): Place PRTG behind a proxy (like Nginx) paired with a tool like Authelia. The proxy intercepts traffic and forces an MFA check before the user can even see the PRTG login screen.

   
   

   Best regards,

   The Paessler Product Team

   Hi Yannik,

   Thank you again for submitting your idea to Paessler. We truly appreciate you taking the time to share your feedback.

   Please note that MFA is already available through SSO (Okta and Microsoft Entra ID) options:

   How can I enable Microsoft Entra ID multifactor authentication? | Paessler Knowledge Base

   How can I enable Okta multifactor authentication? | Paessler Knowledge Base

   Beside that, the following workarounds are possible:

   Since PRTG supports SAML 2.0, you can effectively use any compatible Identity Provider to enforce MFA:

   • Keycloak (Open Source): Host your own free Identity Provider. It connects to your Active Directory and forces users to use TOTP (Google Authenticator) or hardware keys before passing them to PRTG.
   • AD FS (Active Directory Federation Services): Use your existing Windows Server infrastructure to act as the SAML provider. You can configure AD FS to require certificates or smart cards.
   • Duo SSO: Use Duo's native… more

3. Improve OnPremise AD-Integration in PRTG

   Support for trusted and sub domains
   PRTG doesn't support AD forests and trusted sub domains. Only accounts within the same domain as configured in the settings can log into PRTG.

   Without this feature we have unnecessary administrative overhead due to having to create extra user accounts for users in sub domains.
   This task is not only a waste of time, but also poses additional security risks, since users tend to use the same password for more accounts.

   This has been the feature request with the highest upvotes in the old system (https://helpdesk.paessler.com/en/support/solutions/articles/76000073698--looking-at-improve-ad-integration-in-prtg-including-sso-with-ad-or-adfs-2fa-), yet it's still not implemented.
   We are waiting for it since 2018.

   Support for trusted and sub domains
   PRTG doesn't support AD forests and trusted sub domains. Only accounts within the same domain as configured in the settings can log into PRTG.

   Without this feature we have unnecessary administrative overhead due to having to create extra user accounts for users in sub domains.
   This task is not only a waste of time, but also poses additional security risks, since users tend to use the same password for more accounts.

   This has been the feature request with the highest upvotes in the old system (https://helpdesk.paessler.com/en/support/solutions/articles/76000073698--looking-at-improve-ad-integration-in-prtg-including-sso-with-ad-or-adfs-2fa-), yet it's still not implemented.
   We… more

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Delete…  ·  Admin →
   Declined  ·  AdminJonah Kowall (SVP Product and Design, Paessler) responded

   Hi there,

   Thank you again for submitting your idea to Paessler. We truly appreciate you taking the time to share your feedback.

   After careful consideration by our team, we've decided to decline this idea at this time.

   
   

   While we appreciate your request for PRTG to natively support authentication across an entire AD forest, here is our perspective on why we focus on a more streamlined authentication model and how you can use Microsoft Entra ID (formerly Azure AD) or Active Directory Federation Services (AD FS) to achieve a best-practice, single-identity solution.

   Why Direct Multi-Domain/Forest Support is Complex

   PRTG is a network monitoring solution, and its design prioritizes ease of deployment, stability, and security in its core function. Directly integrating with an entire Active Directory Forest—including all trusted domains and sub-domains—involves significant complexities that are generally handled by dedicated identity services:

   • Trust and Authentication Flow Complexity: Supporting authentication across different AD trees and transitive trusts introduces complex logic (e.g., Kerberos referrals, credential forwarding) that can be difficult to manage, troubleshoot, and maintain for a non-identity application like PRTG.
   • Source of Truth Issues: In multi-domain environments, it is often difficult for an application to know which domain holds the authoritative user attributes (e.g., UPN, email, groups). This can lead to synchronization conflicts or stale user data.
   • Maintenance Overhead: When trust relationships change between on-premises AD forests (due to mergers, divestitures, or organizational restructuring), PRTG would require constant, complex updates to its configuration.

   The Recommended Solution: Centralized Identity Management

   The industry best practice for unifying identities across complex environments (like multiple AD forests, sub-domains, or even third-party identity sources) is to use a centralized identity provider that handles all the authentication complexity, providing a single, clean user list to all applications.

   Use Microsoft Entra ID (or AD FS) for SSO

   We strongly recommend using Microsoft Entra ID (or AD FS for an on-premises solution) to manage authentication for your users.

   1. Consolidate Identities: Use Microsoft Entra Connect or Microsoft Entra Cloud Sync to import all user accounts from your various AD forests/domains into your single Microsoft Entra tenant. This ensures that every user has one unique cloud identity that is synchronized from the correct on-premises source.
   2. Enable Single Sign-On (SSO): Configure PRTG to use SAML or OpenID Connect (OIDC) authentication with your Microsoft Entra tenant.
   3. Simplified PRTG Access: Your users will now simply sign into PRTG using their primary, synchronized UPN (e.g., user@company.com), regardless of which specific AD domain their account originated in.

   • Eliminates Overhead: You no longer need to create or manage local accounts in PRTG for sub-domain users.
   • Enhances Security: Users authenticate with their primary AD password, eliminating the need for separate passwords and the security risk of password reuse.
   • Enables Modern Security: This approach allows you to enforce multi-factor authentication (MFA), Conditional Access policies, and other advanced security features directly from Microsoft Entra ID.

   By leveraging Microsoft Entra ID, you offload the complex burden of multi-domain and multi-forest management to a service specifically designed for identity, allowing PRTG to focus on providing best-in-class network monitoring.

   While this particular idea won't be moving forward, please don't be discouraged! Your input is incredibly valuable, and we encourage you to continue sharing your thoughts and ideas with us.

   Thanks for your understanding and for helping us shape the future of Paessler.

   Best regards,

   The Paessler Product Team

   Hi there,

   Thank you again for submitting your idea to Paessler. We truly appreciate you taking the time to share your feedback.

   After careful consideration by our team, we've decided to decline this idea at this time.

   
   

   While we appreciate your request for PRTG to natively support authentication across an entire AD forest, here is our perspective on why we focus on a more streamlined authentication model and how you can use Microsoft Entra ID (formerly Azure AD) or Active Directory Federation Services (AD FS) to achieve a best-practice, single-identity solution.

   Why Direct Multi-Domain/Forest Support is Complex

   PRTG is a network monitoring solution, and its design prioritizes ease of deployment, stability, and security in its core function. Directly integrating with an entire Active Directory Forest—including all trusted domains and sub-domains—involves significant complexities that are generally handled by dedicated identity services:

   • Trust and Authentication Flow Complexity: Supporting authentication across different AD… more

4. Detailled permissions on structural levels

   We work in the regulated pharmaceutical environment and I need a clear assignment of permissions at the individual structural levels (inheritance / interruption of inheritance) or at least an export of which permissions have been assigned to the respective structures. (Who has access to the different structures --> who has read permissions / who has read/write permissions on each structure?)
   It is very important for the regulated pharmaceutical sector to have a detailed access configuration overview.

   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Delete…  ·  Admin →
   Declined  ·  AdminJonah Kowall (SVP Product and Design, Paessler) responded

   Hi there,

   Thank you again for submitting your idea to Paessler. We truly appreciate you taking the time to share your feedback.

   We do not plan to change the permissioning system in PRTG as it exists today, as this would require major changes to core architecture of the product. We are building a new cloud control plane (across multiple cores) which will allow for more granular permissioning of who can do what. This new cloud service is currently in development and we are putting in more sophisticated RBAC there. This should meet your needs when it comes out. The management use cases will likely be in beta by the end of 2026. Please email me back if you have specific questions.

   After careful consideration by our team, we've decided to decline this idea at this time. This decision was made based on several factors, which may include:

   • It doesn't align with our current product roadmap or strategic priorities.
   • The resources required for implementation outweigh the current projected benefits for our user base.
   • There are technical limitations that prevent us from moving forward.
   • A similar feature is already available or planned in a different way.

   While this particular idea won't be moving forward, please don't be discouraged! Your input is incredibly valuable, and we encourage you to continue sharing your thoughts and ideas with us.

   Thanks for your understanding and for helping us shape the future of Paessler.

   Best regards,

   The Paessler Product Team

   Hi there,

   Thank you again for submitting your idea to Paessler. We truly appreciate you taking the time to share your feedback.

   We do not plan to change the permissioning system in PRTG as it exists today, as this would require major changes to core architecture of the product. We are building a new cloud control plane (across multiple cores) which will allow for more granular permissioning of who can do what. This new cloud service is currently in development and we are putting in more sophisticated RBAC there. This should meet your needs when it comes out. The management use cases will likely be in beta by the end of 2026. Please email me back if you have specific questions.

   After careful consideration by our team, we've decided to decline this idea at this time. This decision was made based on several factors, which may include:

   • It doesn't align… more