TOTP MFA

TOTP is an open standard for multi-factor authentication. The user needs to have a mobile client installed such as the free Google Authenticator or Authy.

To enable TOTP for Guacamole, please follow the following steps.

1. SSH into the Guacamole instance as ec2-user.
2. Link the totp extension into the right location. Execute from /home/ec2-user:

sudo ln -s ../available-extensions/guacamole-auth-totp-1.5.2/guacamole-auth-totp-1.5.2.jar \
  /home/ec2-user/guaws/guacamole/etc/extensions/

1. Restart the guacamole services with sudo systemctl restart guaws.
2. Enable the "Change own password" permission for all users. This permission can also be set on a group level.

After logging into Guacamole you will be greeted with a setup screen to pair your mobile device. Follow the instructions on the screen. All users will be required to setup TOTP before they can use Guacamole.