Authentication Options

Configuration of Keeper Connection Manager Authentication methods

Keeper Connection Manager supports multiple authentication mechanisms which can be enabled through installing additional packages.

Advanced Linux Install Method

For Advanced Linux Install method, packages are available through the Keeper Connection Manager repository and automatically place the necessary Apache Guacamole extension within /etc/guacamole/extensions and any necessary dependencies (such as database drivers) within /etc/guacamole/lib.

The "Test Installation" using the user-mapping.xml file is meant as a quick means of verifying the functionality of Guacamole but is not supported for production deployments.

Ensure that a production-ready authentication mechanism is configured prior to deploying Keeper Connection Manager.

All authentication methods packaged listed below are production-ready:

Using a database like MySQL, PostgreSQL, or SQL Server enables additional features within Keeper Connection Manager, including connection sharing and a web-based administration interface. The LDAP authentication allows authentication to be provided through an LDAP directory such as OpenLDAP or Active Directory, and can be combined with a database, thus avoiding the need to store connections within the LDAP directory using schema modifications.

Multi-factor Authentication

If you wish to enable multi-factor authentication in front of Keeper Connection Manager, you may do so with Duo or TOTP. Multi-factor authentication is supported in front of any of the above production-ready authentication mechanisms, however keep in mind that a database is always required for TOTP:

Important Note: MFA cannot be activated if the SAML authentication method is already active.

Last updated