Today we have pleasure in announcing the release of privacyIDEA 2.10. In this release the two factor authentication solution privacyIDEA eases the lives of the users.
Self Registration and Password Reset
privacyIDEA comes with a new policy scope “register”. If this policy is set new users may create a new account. The creation of the account can be limited to certain realms or to certain email addresses. This way you can define, that only user with an email address from a certain domain are allowed to register.
The user will get an email with a registration token, that can be used to access the privacyIDEA Web UI.
User registration is possible due to the concept of writeable userstores, which was introduced earlier. Another possibility that arises from the writeable userstores and which is introduced in version 2.10 is User Password Reset. In a user-policy you may define, if a user should be allowed to reset his userstore password.
Enrolling tokens to the user is always quite a challenge. No project or installation works the same, has the same requirements and chooses the very same enrollment strategy. It always seems very tempting to let users enroll their tokens, hoping that this strategy will not generate high traffic and costs in the help desk.
With privacyIDEA 2.10 the token user selfenrollment was drastically simplified providing a token enrollment wizard. The token enrollment wizard can be enabled using a policy. The enrollment wizard will jump in, if the user has no token. When the user logs in to the WebUI he will be presented a two step enrollment without any distracting additional questions or choices.
The tokenwizard works for all kind of tokens. In this example it is a smartphone based Google Authenticator HOTP token.
After all this user stuff another important feature is the configuration of the Email-capabilities in privacyIDEA. Emails are used at different locations like EMail Token, SMS Token, Registration process and Password Reset. Therefore you can defined SMTP Server configurations centrally and choose which SMTP configuration you want to use for the specified task.
This is the complete changelog of version 2.10:
Version 2.10, 2016-02-11
- User Registration: A user may register himself and thus create his new user account.
- Password Reset: Using a recovery token a user may issue a password reset without bothering the administrator or the help desk.
- Enrollment Wizard for easy user token enrollment
- SMTP Servers: Define several system wide SMTP settings and use these for
- Email token,
- SMTP SMS Provider,
- registration process,
- or password reset.
- Ease the Smartphone App (Google Authenticator) rollout. Hide otplen, hash, timestep in the UI if a policy is defined.
- Add import of Aladdin/SafeNet XML file.
- Add import of password encrypted PSKC files.
- Add import of key encrypted PSKC files.
- Support LDAP passwords with special non-ascii characters.
- Support LDAP BIND with special non-ascii characters.
- Fix problem with encrypted encryption key.
- Fix upgrading DB Schema for postgresql+psycopg2.
- Fix UI displaying of saved SMS Provider.
- Do not start challenge response with a locked/disabled token.