Overview
Azure Active Directory and SAML 2.0
Guacamole can be configured to use any SAML 2.0 compliant identity provider (such as Azure Active Directory, Okta, Ping and others).
Please follow the instructions in this dedicated guide.
OpenID Connect
Alternatively, Guacamole can use any OpenID Connect compliant identity provider. SAML 2.0 is preferred over OpenID Connect because it offfers additional features such as syncing the group membership.
Please follow the instructions in this dedicated guide.
Amazon Cognito
With Amazon Cognito, your users can sign in through social identity providers such as Apple, Google and Facebook or through enterprise identity providers such as Microsoft Active Directory via SAML or OpenID.
Access to Guacamole can further be restricted to only allow Cognito users that are members of a certain group. Additionally, Cognito provides Multi-Factor Authentication (MFA) via SMS text messages or time-based one-time passwords (TOTP).
Please follow the instructions in this dedicated guide.
AWS SSO
With Amazon SSO (Single Sign-On) you can manage access to your AWS accounts from a central service and also add custom applications such as Guacamole. AWS SSO also integrated with your Active Directory and supports multi-factor authentication.
Please follow the instructions in this dedicated guide.
Duo Identity MFA
Duo’s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps you want them to access.
Please follow the instructions in this dedicated guide.
Time-based One-Time Passwords (TOTP)
TOTP is an open standard for multi-factor authentication. The user needs to have a mobile client installed such as the free Google Authenticator or Authy. To enable TOTP for Guacamole, please follow the following steps.
Please follow the instructions in this dedicated guide.