You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To add Multi-factor authentication with Google Authenticator / TOTP to CIAB is fairly simple.
User's will need to install the Google Authenticator App into their Android or iPhone though to make use of it. So some coordination with Users will be required.
The Documentation for TOTP using Google Authenticator on the Apache Guacamole website is found here. This includes pictures of what you should see once you have activated it.
**
NOTE: all of the following is done in the ciab-guac LXD container!
**
First, the CIAB Admin needs to Log into Guacamole as the admin and make sure each User account you have created has the Box checked to Permit the User to Change their own password.
The Users in the MySQL DB module need to be allowed to update their own passwords (basically update their own account), as that's what determines whether or not the user can store information about themselves thus enabling TOTP.
Next, the CIAB Admin simply downloads the Guacamole-Auth-TOTP extension from the Apache Guacamole website's download page.
De-archive the guacamole-auth-totp-1.0.0.jar file and move it to the ciab-guac LXD container's
/etc/guacamole/extensions directory then check the owner/group permissions to make sure they match other extensions in that directory.
Once this is done and Tomcat restarted, on their next login the CIAB Remote Desktop Users will be required to use their Google Authenticator App to get the current 6 Digit TOTP Code (it changes every 15-20 seconds) to enter along with their Login ID and Password in order to gain access to their Guacamole account & CIAB desktop "connections".
Google Authenticator is available for Android and iPhone.
Yes its simple to turn on or off TOTP.
Its simply whether or not the TOTP file "guacamole-auth-totp-1.0.0.jar" is present or NOT in "/etc/guacamole/extensions" in the ciab-guac LXD container.
The text was updated successfully, but these errors were encountered:
To add Multi-factor authentication with Google Authenticator / TOTP to CIAB is fairly simple.
User's will need to install the Google Authenticator App into their Android or iPhone though to make use of it. So some coordination with Users will be required.
The Documentation for TOTP using Google Authenticator on the Apache Guacamole website is found here. This includes pictures of what you should see once you have activated it.
**
The Users in the MySQL DB module need to be allowed to update their own passwords (basically update their own account), as that's what determines whether or not the user can store information about themselves thus enabling TOTP.
Next, the CIAB Admin simply downloads the Guacamole-Auth-TOTP extension from the Apache Guacamole website's download page.
De-archive the guacamole-auth-totp-1.0.0.jar file and move it to the ciab-guac LXD container's
/etc/guacamole/extensions directory then check the owner/group permissions to make sure they match other extensions in that directory.
Once this is done and Tomcat restarted, on their next login the CIAB Remote Desktop Users will be required to use their Google Authenticator App to get the current 6 Digit TOTP Code (it changes every 15-20 seconds) to enter along with their Login ID and Password in order to gain access to their Guacamole account & CIAB desktop "connections".
Google Authenticator is available for Android and iPhone.
Yes its simple to turn on or off TOTP.
Its simply whether or not the TOTP file "guacamole-auth-totp-1.0.0.jar" is present or NOT in "/etc/guacamole/extensions" in the ciab-guac LXD container.
The text was updated successfully, but these errors were encountered: