Authentication System privacyIDEA

privacyIDEA is a modular authentication server that can be used to enhance the security of your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with two factor authentication. Originally it was used for OTP (One Time Password) authentication devices – being an OTP server. But other “devices” like challenge response, U2F, Yubikeys, SSH keys and x509 certificates are also available. It runs on Linux and is completely Open Source, licensed under the AGPLv3.

Go for privacyIDEA to setup 2-Factor-Authentication for your most precious services and keep the control.

Openness and Transparency

privacyIDEA tries to be open in many ways. We try to provide best transparency: We host our code on github, so that you can monitor the development. The issue tracker at Github is used, so that you can see, which topic is hot, what is coming up in the future and actually add your own requests! You are welcome to fork and issue pull requests and we are happy to accept those. You becoming a part of this project.

New features are planned on Github. We are using to run our tests. You can see which tests pass and also which test fail! Yes, code breaks and tests fail.

privacyIDEA is not ruled by a single company (although at the moment only one company is involved). Thus when using privacyIDEA or getting involved you are not at the mercy of one single, revenue driven decision maker.


privacyIDEA can read users from many different sources like LDAP services, Active Directory, SQL databases, flat files and SCIM services.

Authentication devices to provide two factor authentication can be assigned to those users, either by administrators or by the users themselves. Policies define what a user is allowed to do in the selfservice portal and what an administrator is allowed to do in the management interface.

The system is written in Python, uses Flask as web framework and an SQL database as datastore. Thus it can be enrolled quite easily providing a lean installation.

See a detailed list of features.

Do you want colors and pixels? You can find them here.

In addition privacyIDEA supports users in SCIM servers, sending SMS the sipgate API, OTP authentication for administrators and users in the selfservice portal, a new SSH token, “machines and applications” and a sophisticated event handler framework.

Enterprise Ready

If you want to be part of the community visit our community forum. But privacyIDEA is enterprise ready. You can get the privacyIDEA Enterprise Edition from the company NetKnights.