On Wed, Sep 18, 2019 at 6:36 PM carlog <[email protected]> wrote:
> I found out my issue, after finding vnick's post > > "Any users for whom you want TOTP enabled need permission to edit > themselves > (change their own password). Else they will not be able to enroll in > TOTP." > > Here's my issue. The users are automatically added to Guac because they > are > members of an AD security group. Can I set the option for "change their > own > password" to be "on" by default on all new users? > > There's a PR out there and some work to be done to get users automatically added to Guac from other extensions, but this is a really good point to follow-up on that work - users that are automatically added, whether implicitly because of group membership or because we add that support within the JDBC module need to be able to get a set of default permissions that would allow for this. I don't think I had thought of that before. -Nick
