Login
Two-factor authentication
Enter the 6-digit code from your authenticator app or a recovery code.
Operational dashboard
Account settings
Profile
Change password
Multi-factor authentication (MFA)
—
Scan this QR with your authenticator app:
Manual secret:
Save recovery codes now — shown once:
Sessions
Active sessions for your account. Revoke any session you do not recognize.
Users
Edit user
Tenants
Edit tenant
Enrollment tokens
Create a token, then use the Linux or Windows PowerShell install block. Same token and backend enroll API for both platforms.
Devices
Create job
Jobs
Alerts
Incidents
Maintenance runs
Windows maintenance history persisted from agent job results. Execution is agent-side only (allowlisted scripts).
Device backup policies
Agent Restic backup policies per device/fleet — not the RMM stack backup (scripts/backup.sh for PostgreSQL/config). Restic execution not active yet.
Dry run (contract validation)
Creates a backup_run_dry or backup_preflight job. Agent may reject until backup execution is implemented.
Fleet action
Fleet actions
Create policy
Policies
Suppressions
Maintenance
Approvals
Scheduled jobs
Approvals
Pending actions requiring human approval. MFA required when enabled.
Release rollouts
Software management
Device groups
Manual static groups and optional dynamic filter rules. Used by fleet policy assignments.
Fleet policies
Unified operational policies. Priority: device > group > tenant. Scheduler uses frequency_hours (opt-in via RMM_FLEET_SCHEDULER_ENABLED).
Effective policies (debug)
Maintenance policies
Policy assignments (maintenance / compliance)
Backup policy assignments
Remediation rules
Fixed conditions/actions only. Rules created disabled. Enable globally with RMM_AUTO_REMEDIATION_ENABLED=true.
Compliance profiles (seeded)
Compliance
PASS / WARNING / FAIL from inventory — fail2ban, UFW, exporters, Docker, WireGuard, SSH, ports.
Account MFA is configured under Settings.
API Tokens
Tokens for external integrations. Not used for agent enrollment.
API tokens are different from Enrollment Tokens (see Enrollment tab).
Threat indicators
SIEM export
Policy executions
Monitoring profiles
RMM governs exporters and log agents — it does not replace Prometheus or Loki.
Assign profile to devices
Device compliance
Update monitor collector IP (fleet)
Adds new IPs alongside old ones first. Remove old IPs after validating Prometheus scrape.