Triet Le created GUACAMOLE-877:
----------------------------------
Summary: Add support for Okta MFA
Key: GUACAMOLE-877
URL: https://issues.apache.org/jira/browse/GUACAMOLE-877
Project: Guacamole
Issue Type: New Feature
Components: guacamole
Reporter: Triet Le

My company has been using Guacamole as our Remote Access solution for the past
few years and it has been very reliable. We would like to strengthen our
security posture by adding second-factor authentication to our Guacamole stack.
I am looking to develop and integrate Okta as another Guacamole auth extension.
I think this extension would behave very similarly to the Duo auth extension.

The authentication steps should be as follows:
1. The user logs in to Guacamole as usual.
2. Guacamole attempts to authenticate the user with the first authenticator
(LDAP, MySQL or ...)
3. Once the first authentication attempt has succeeded, the Okta auth extension
rejects the authentication attempt and starts asking for the second-factor
authentication.
4. Present the Okta MFA flow to the user and have them navigate through it
(enrollment, activation, authentication).
5. Once the user has successfully satisfied the MFA challenge, Guacamole
receives a signed response.
6. The Okta auth extension validates the response. If valid, allow the user to
proceed; otherwise, reject.

I believe this extension would add more value to the product. Please let me
know if I am on the right track.
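
Added example (not part of the original issue, and not Guacamole or Okta code): a sketch of the step 6 check, showing what "validates the response" has to cover beyond the signature itself. The token layout (base64 JSON body plus HMAC-SHA256), the shared key, and the names `sign_response` and `validate_response` are assumptions made for illustration; the issue does not specify the response format.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. In this assumed design it is shared by the MFA
# provider and the extension and is never sent to the browser.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign_response(user, nonce, expires_at, key=SHARED_KEY):
    """Simulated provider side: issue the signed response of step 5."""
    body = json.dumps({"user": user, "nonce": nonce, "exp": expires_at},
                      sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)

def validate_response(token, expected_user, expected_nonce,
                      now=None, key=SHARED_KEY):
    """Extension side (step 6): True only if every check passes."""
    now = time.time() if now is None else now
    try:
        body_b64, mac_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:
        return False  # malformed token
    # Verify the signature before trusting any field in the body.
    expected_mac = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected_mac):
        return False
    claims = json.loads(body)
    # Bind the response to the user who passed the first factor (step 2),
    # so a valid response for one account cannot unlock another.
    if claims.get("user") != expected_user:
        return False
    # Bind it to the challenge issued in step 3, so an old response
    # cannot be replayed into a new login attempt.
    if not hmac.compare_digest(str(claims.get("nonce")).encode(),
                               expected_nonce.encode()):
        return False
    # Reject responses past their expiry time.
    return claims.get("exp", 0) > now
```
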