privacyIDEA 3.4 Released

multi challenges, admin dashboard and custom token types

Today we release privacyIDEA 3.4. It comes with a bunch of new features which on the one hand enhance the usability and on the other increase the flexibility of the system even more. This version includes a first dashboard to welcome the admin user providing status information and shortcut links. The Multi-Challenge feature enables PIN resets via challenge-response and it is now easy to enhance privacyIDEA with new 3rd party token types without the need to change the core code.

Challenge after Challenge – The Multiple Challenges with privacyIDEA

privacyIDEA 3.4 can now send a new challenge in reply to a solved challenge. What does this mean? Well, think about using SMS tokens which are secured with an additional PIN. The users log in remotely at the VPN Gateway with privacyIDEA in the back-end. The company also decided to have the users change their pin every six months by using the enrollment policy change_pin_every. The new policy change_pin_via_validate allows the PIN change directly at the gateway via challenge-response. The developers at NetKnights work on a number of additional use cases for the Multi-Challenges. So far the PIN change and the indexed secret token support multiple challenges, but also the 4eyes token will get this new feature soon. Stay tuned!

privacyIDEA Dashboard

Why should every admin user look at the token list after login? privacyIDEA 3.4 changes this behavior by introducing a first dashboard feature. It can be enabled via policy and brings the attention to some more useful information. The dashboard displays the numbers of assigned tokens and unassigned hardware tokens. Especially the number of available hardware tokens is an important information, so that the administrator knows, when he should order new authentication devices.

Further information is the number of authentications within the last 24 hours, recent administrative changes, subscription info and quick links to policies and event handlers.

Since this is the first version of a dashboard for privacyIDEA, feedback is very welcome to identify the needs of the users.

The administrator can see important information in a quick glance on the dashboard.

SMS Flexibility – The Script SMS Provider

With the Script SMS Provider, privacyIDEA is now able to use custom scripts to send messages. Although it was designed to reach out to internet-based SMS services (see this script), this feature opens the door to send OTP values to any arbitrary gateway like your own Jabber-Server or use any remote service of your liking. Also the popular HTTP SMS Provider was extended to support custom header fields.

Which type should it be, please?

During a validate/check request, privacyIDEA always checked all tokens of the given user to match the given PIN and OTP. Specifically in enterprise portal applications, where privacyIDEA is the back-end authentication solution, sometimes only a specific token type should be checked. For these cases, the software now contains a policy to allow the type parameter in the validate/check request.

Custom token types for faster development

privacyIDEA 3.4 facilitates the implementation of third-party token types. This basically enables the development of tailored features without the need to touch the core code of privacyIDEA. For customers, this means that the solutions to their specific use cases do not have to wait for the standard release-cycle.

There are a lot more minor features and fixes. The complete changelog can be found at Github.

Enterprise-grade 2FA with privacyIDEA

privacyIDEA is an enterprise-grade open-source multi-factor-authentication solution. The development on Github is driven by the company NetKnights GmbH but contributions from the community are very welcome. For privacyIDEA open source means that you will be able to run it forever, without the fear of an end-of-life scenario. If you want to participate in privacyIDEA, read our contributing guide at Github. You can discuss about privacyIDEA and share your use case in the privacyIDEA community. Open source also means that the code comes without any warranty. NetKnights provides professional support for enterprise customers in three different levels.

privacyIDEA 3.4 can be installed from the Github sources, from the Python Package index at or with the community packages for Ubuntu 16.04 LTS and 18.04 LTS. NetKnights will also offer packages for CentOS/RHEL in the privacyIDEA Enterprise Edition.

Start the discussion at