On Sunday February 3rd I will give a talk how you can use privacyIDEA to add enterprise grade multi factor authentication to ownCloud.

privacyIDEA is easy. And flexible. It is probably the most flexible open source multi factor authentication systems around. And some scenarios are easy. So easy that you can add enterprise grade 2FA to owncloud in under 15 minutes.

Take a look at this in Brussels.

FOSDEM is a huge and great event with lots of talks and lots of people to meat. I am looking forward to a crowded room “Ferror” on Sunday!

You want to use two factor authentication for all your users? But you are always wondering how you should enroll an authentication device to every single of your users? Existing solutions do not provide convenient ways to equip thousands of users easily with a second factor?

Using automated processes with a REST API and an automating event handler privacyIDEA provides the necessary means to easily do this task.

At FOSDEM Cornelius will give a talk about how easy it can be using privayIDEA to enroll second factors to all your lots of users. Join FOSDEM in Brussels and February 4th and learn about those great features of privacyIDEA.

Secure Rollout of a smartphone app

The central new feature of privacyIDEA 2.21 is the possibility to enroll a smartphone token in a more secure way. privacyIDEA supported smartphone Apps like the Google Authenticator and FreeOTP right from the start. But you already might be aware of the problems with enrolling smartphone tokens.

This is why we added a 2-step enrollment in privacyIDEA 2.21.

2-Step enrollment in privacyIDEA 2.21

Using privacyIDEA you have now the possibility to enroll a smartphone token in a much securer way. The sensitive secret key is created from a part generated on the server side and a second part generated on the phone side. This way an attacker can no longer easily copy the smartphone token during the enrollment process. You can find a more technical specification of the two step enrollment in the online documentation.

The new privacyIDEA Authenticator App will support this new two step enrollment and is also backward compatible to the normal Google Authenticator enrollment URI. Ask the company NetKnights to be part of the beta testing phase of the privacyIDEA Authenticator App.

Easy administration

Many enhancements will make the daily life easier for the token administrator. The root user can now export an encrypted PSKC file. The data can then be imported to another privacyIDEA instance or to any other RFC6030 complient applicantion. The event handlers were also improved: The Notification handler now has more tags to be used in the body and the Federation handler can forward administrative requests.

Clean-up Audit log

Audit Log can be rotated in a more sophisticated way. The administrator can specify retention times for different log entries.

Better HSM support

Hardware Securtiy Modules can now be used to generate random numbers at many different places within privacyIDEA:

You can view a complete changelog at github.

Enterprise Edition

If you are running large mission critical setups, privacyIDEA is also available as Enterprise Edition with support and warranty/liability.

privacyIDEA going FOSDEM

The privacyIDEA project will be at FOSDEM 2018 on February 3rd and 4th. We have a stand in building H. Please join us there!

We are happy to announce that the privacyIDEA project will have a stand at FOSDEM 2018.

privacyIDEA acts as the central authentication system for two factor authentication in your network. Other applications can be connected to privacyIDEA to improve their login security. These applications can connect using standard protocols like PAM, RADIUS, SAML or LDAP. But there are also many plugins for special applications available.
privacyIDEA plays nice with a lot of other open source applications like FreeIPA, WordPress, Django, Apache, OTRS, ownCloud… and is thus a vivid security component of the open source ecosystem.

This is why we are happy to present privacyIDEA at FOSDOM to the international open source community.

The stand is located in buildng H. Stop by to ask any question about multi factor authentication. If you are already using privacyIDEA and want to help with the stand and tell others about your successful experiences, please write us an email, so that we can coordinate your effort.