Duo MFA
Duo Two-Factor Authentication
Duo’s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps you want them to access.
The Duo authentication extension allows users to be additionally verified against the Duo service before the authentication process is allowed to succeed.
- Sign in to the EC2 instance as user
ec2-user
and change to the directory/home/ec2-user/guaws
. - Enable the Duo extension by linking the extension into the
extensions
folder.
sudo ln -s ../available-extensions/guacamole-auth-duo-1.5.2/guacamole-auth-duo-1.5.2.jar \
/home/ec2-user/guaws/guacamole/etc/extensions/
- Sign up for Duo and sign in as the account administrator at https://admin.duosecurity.com/login
- Create and enroll a new user
guacadmin
(user names in Guacamole must match the user names in Duo) - Add a new application of type "Web SDK" and click on "Protect this Application"
- Configure Duo by adding the following lines to
/home/ec2-user/guaws/guacamole/etc/guacamole.properties
# the following three configuration keys are provided by Duo
duo-api-hostname=api-xxxxxxxx.duosecurity.com
duo-integration-key=
duo-secret-key=
# a random key that is used by Guacamole to secure the session. Must be at least 40 characters long.
duo-application-key=
- Restart Guacamole by executing
guawsctl restart guac
. If Guacamole does not come back after the restart command, review the log files by executingguawsctl logs -f guac
. - After signing in to Guacamole you will be redirected to Duo where you will have to complete the two-factor challenge to successfully sign in.