[
https://issues.apache.org/jira/browse/GUACAMOLE-877?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926235#comment-16926235
]
Nick Couchman commented on GUACAMOLE-877:
-----------------------------------------
Sounds like a good plan.
What protocol(s) does Okta use for this? REST API? RADIUS?
> Add support for Okta MFA
> ------------------------
>
> Key: GUACAMOLE-877
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-877
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole
> Reporter: Triet Le
> Priority: Minor
> Labels: features
>
> My company has been using Guacamole as our Remote Access solutions the past
> few years and it has been very reliable. We would like to strengthen our
> security posture by adding a second-factor authentication to our Guacamole
> stack. I am looking to develop and integrate Okta as another Guacamole auth
> extension.
> Thinking this extension would behave very similar to the Duo auth extension.
> The authentication steps should follow:
> 1. User login Guacamole as usual.
> 2. Guacamole attempts to authenticate the user with the first authenticator
> (LDAP, MySQL or ...)
> 3. Once the first authentication attempt is succeeded, Okta auth extension
> rejects the authentication attempt and starts asking for the second-factor
> authentication.
> 4. Presents the Okta MFA flow and have them navigate through it (enrollment,
> activation, authentication)
> 5. Once the user has successfully satisfied the MFA challenge, Guacamole
> receives a signed response.
> 6. Okta auth extension validates the response. If valid, allow the user to
> proceed, otherwise, reject.
> I believe this extension would add more value to the product. Please let me
> know if I am on the right thinking track.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
