Authentication Options

Keeper Connection Manager supports multiple authentication mechanisms which can be enabled through installing additional packages.

Advanced Linux Install Method

For Advanced Linux Install method, packages are available through the Keeper Connection Manager repository and automatically place the necessary Apache Guacamole extension within /etc/guacamole/extensions and any necessary dependencies (such as database drivers) within /etc/guacamole/lib.

The "Test Installation" using the user-mapping.xml file is meant as a quick means of verifying the functionality of Guacamole but is not supported for production deployments.

All authentication methods packaged listed below are production-ready:

• Authenticating users with LDAP

• Authenticating users with SAML 2.0

• Authenticating users with OpenID Connect

• Using Guacamole with a MySQL Database

• Using Guacamole with a PostgreSQL Database

• Using Guacamole with a SQL Server Database

Using a database like MySQL, PostgreSQL, or SQL Server enables additional features within Keeper Connection Manager, including connection sharing and a web-based administration interface. The LDAP authentication allows authentication to be provided through an LDAP directory such as OpenLDAP or Active Directory, and can be combined with a database, thus avoiding the need to store connections within the LDAP directory using schema modifications.

Multi-factor Authentication

If you wish to enable multi-factor authentication in front of Keeper Connection Manager, you may do so with Duo or TOTP. Multi-factor authentication is supported in front of any of the above production-ready authentication mechanisms, however keep in mind that a database is always required for TOTP:

• Using Duo for Multi-factor Authentication

• Using TOTP for Multi-factor Authentication

Important Note: MFA cannot be activated if the SAML authentication method is already active.