SSO Auth (SAML)
Instructions for authenticating users with a SAML 2.0 / SSO Identity Provider
Keeper Connection Manager can be configured to authenticate users with any SAML 2.0 compatible identity provider. Users can be forced to log in with SAML, or you can make SAML an optional login link on the login page.
Optional SAML Login Configuration
By default, this SAML SSO setup only handles authentication. You, the admin, must still manually create each user within KCM and assign the exact email address as the username in order to give that user connections/permissions.
It is often easier to have KCM automatically create the user upon the first successful SAML SSO login of each user. To do this you can add one of the following lines:
in the guacamole section of your /etc/kcm-setup/docker-compose.yml file as shown below.
After making changes, be sure to run sudo ./kcm-setup.run apply to implement the changes.
ADDITIONAL_GUACAMOLE_PROPERTIES: "extension-priority: *, saml"
Instructions for a few popular Identity Providers are linked below.