enable MFA only for admin user

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

enable MFA only for admin user

Enrico FANTI

 

Hi.

 

It’s possible to enable MFA (Duo or OTP) only for admin user ?

 

Thank you

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: enable MFA only for admin user

vnick
On Tue, Jul 7, 2020 at 9:26 AM Enrico FANTI <[hidden email]> wrote:

 

Hi.

 

It’s possible to enable MFA (Duo or OTP) only for admin user ?

 


No, the authentication extensions apply to the entire system, and all users on the system, so Duo or TOTP would either apply to all users of the system or none.

If you use RADIUS with a MFA provider you might be able to accomplish it with rules on the RADIUS provider by having different policies for different users.

-Nick
Reply | Threaded
Open this post in threaded view
|

R: enable MFA only for admin user

Enrico FANTI

 

Thank  you for your answer.

 

But if the MFA with Duo is now enabled, is there a way to disable it?

 

Tnx

Enrico

 

 

 

 

Da: Nick Couchman <[hidden email]>
Inviato: martedì 7 luglio 2020 15:53
A: [hidden email]
Oggetto: Re: enable MFA only for admin user

 

On Tue, Jul 7, 2020 at 9:26 AM Enrico FANTI <[hidden email]> wrote:

 

Hi.

 

It’s possible to enable MFA (Duo or OTP) only for admin user ?

 

 

No, the authentication extensions apply to the entire system, and all users on the system, so Duo or TOTP would either apply to all users of the system or none.

 

If you use RADIUS with a MFA provider you might be able to accomplish it with rules on the RADIUS provider by having different policies for different users.

 

-Nick

Reply | Threaded
Open this post in threaded view
|

Re: enable MFA only for admin user

vnick
On Tue, Jul 7, 2020 at 10:19 AM Enrico FANTI <[hidden email]> wrote:

 

Thank  you for your answer.

 

But if the MFA with Duo is now enabled, is there a way to disable it?



If you're using Duo, just remove the extension from the GUACAMOLE_HOME/extensions folder and reload the Guacamole Java application (or restart Tomcat).

-Nick 
Reply | Threaded
Open this post in threaded view
|

R: enable MFA only for admin user

Enrico FANTI
In reply to this post by vnick

I know, this is strange, but in my previous installation with Guacamole 1.1, I used the MysticRyuujin (https://github.com/MysticRyuujin/guac-install) script, and only the administrator had MFA enabled.

 

Yesterday, I used the MysticRyuujin script to upgrade  to 1.2, and now I have the Duo MFA enabled for all my users.

 

It’s strange

 

 

 

 

Da: Nick Couchman <[hidden email]>
Inviato: martedì 7 luglio 2020 15:53
A: [hidden email]
Oggetto: Re: enable MFA only for admin user

 

On Tue, Jul 7, 2020 at 9:26 AM Enrico FANTI <[hidden email]> wrote:

 

Hi.

 

It’s possible to enable MFA (Duo or OTP) only for admin user ?

 

 

No, the authentication extensions apply to the entire system, and all users on the system, so Duo or TOTP would either apply to all users of the system or none.

 

If you use RADIUS with a MFA provider you might be able to accomplish it with rules on the RADIUS provider by having different policies for different users.

 

-Nick