[ https://issues.apache.org/jira/browse/GUACAMOLE-877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman closed GUACAMOLE-877. ----------------------------------- Resolution: Duplicate > Add support for Okta MFA > ------------------------ > > Key: GUACAMOLE-877 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-877 > Project: Guacamole > Issue Type: New Feature > Components: guacamole > Reporter: Triet Le > Priority: Minor > Labels: features > > My company has been using Guacamole as our Remote Access solutions the past > few years and it has been very reliable. We would like to strengthen our > security posture by adding a second-factor authentication to our Guacamole > stack. I am looking to develop and integrate Okta as another Guacamole auth > extension. > Thinking this extension would behave very similar to the Duo auth extension. > The authentication steps should follow: > 1. User login Guacamole as usual. > 2. Guacamole attempts to authenticate the user with the first authenticator > (LDAP, MySQL or ...) > 3. Once the first authentication attempt is succeeded, Okta auth extension > rejects the authentication attempt and starts asking for the second-factor > authentication. > 4. Presents the Okta MFA flow and have them navigate through it (enrollment, > activation, authentication) > 5. Once the user has successfully satisfied the MFA challenge, Guacamole > receives a signed response. > 6. Okta auth extension validates the response. If valid, allow the user to > proceed, otherwise, reject. > I believe this extension would add more value to the product. Please let me > know if I am on the right thinking track. -- This message was sent by Atlassian Jira (v8.3.4#803005)