Cookbook - Apache Guacamole - Setup Guide

In this setup guide, we’ll create a Primary Admin for your Guacamole deployment.

1. Designate a Primary Admin

Since you have previously configured SAML authentication, Guacamole will automatically create a user in the MySQL Database once they’ve logged in successfully via SAML.

We now need to designate one user as the Primary Admin, with administrative permissions so that they may create, delete, and edit connections as well as assign connections to users and user groups.

For this Primary Admin, permissions must be granted through the MySQL database - however once this is done, all future administration can be done using the Guacamole Web UI.

Select a Primary Admin and authenticate via SAML into your Guacamole instance.

2. Grant privileges for your Primary Admin

In order to grant permissions to your Primary Admin, first make sure that it has been successfully created in the MySQL Database:

$ mysql -h 127.0.0.1 -P 3306 mysql  -u guacadmin -p
Enter password:
...
mysql> SELECT entity_id,name,type FROM guacamole_entity;
+------------------+------+
| name             | type |
+------------------+------+
| user@example.com | USER |
+------------------+------+

With your user created, you can now grant administrative permissions in order to manage other users from the Web UI:

mysql> INSERT INTO guacamole_system_permission (entity_id, permission) VALUES (1, 'ADMINISTER');
mysql> INSERT INTO guacamole_system_permission (entity_id, permission) VALUES (1, 'CREATE_USER_GROUP');
mysql> INSERT INTO guacamole_system_permission (entity_id, permission) VALUES (1, 'CREATE_USER');
mysql> INSERT INTO guacamole_system_permission (entity_id, permission) VALUES (1, 'CREATE_SHARING_PROFILE');
mysql> INSERT INTO guacamole_system_permission (entity_id, permission) VALUES (1, 'CREATE_CONNECTION_GROUP');
mysql> INSERT INTO guacamole_system_permission (entity_id, permission) VALUES (1, 'CREATE_CONNECTION');

With this completed successfully you can now log in to the web interface and create connections.


Your Guacamole deployment is ready for prime time!



Last modified: Sep 23, 2021