Two Factor Authentication for ownCloud


NetKnights provides an enterprise ready two factor authentication for ownCloud via its own App. Authentication is performed against the centrally installed privacyIDEA authentication system.

Talk at Contributor Conference

Cornelius Kölbel will give a talk about the flexible two factor authentication for ownCloud using privacyIDEA at this year's ownCloud Contributor Conference in Berlin from September 9th-15th, 2016.

Advantages by central management

One of the big advantages is that employees need only one single second factor (possession). With this centrally managed factor, users can not only log in to ownCloud but also use it in other login scenarios. The second factor can be used to log in to Linux desktops using PAM, to servers via SSH or to Windows desktops using the privacyIDEA Credential Provider.

Lasting Two Factor Authentication with privacyIDEA

You may have read about NIST lately. NIST is updating its Digital Authentication Guideline.


NIST is the National Institute of Standards and Technology. It is part of the United States Department of Commerce and works on standards which are met by several governmental institutions and also companies. It is a physical laboratory and also deals with topics like earthquakes and fire protection, but also with standards in information technology. E.g., NIST played its role in defining the encryption standards DES and AES.

Digital Authentication Guideline

NIST classifies the use of SMS for authentication as outdated.

NIST has now released a draft of its Digital Authentication Guideline. This guideline describes how to evaluate risks in authentication processes and also gives dedicated countermeasures and advice. Two factor authentication plays an important role.

The interesting and new part is that the draft SP800-63B explicitly points out the risks of out-of-band (OOB) authentication using SMS (text messages). In section the usage of SMS is even denoted as deprecated!

OOB using SMS is deprecated, and may no longer be allowed in future releases of this guidance.

No authentication technology lasts forever

We do not want to start bashing SMS. But we should be very well aware that no authentication technology is built for eternity or will withstand hackers forever. Technologies and processes we are using today may work very well – today. But tomorrow things may have changed and these technologies and processes may be easily bypassed by hackers.

The common conclusion should be: The authentication technology or authentication process in use must be replaceable. We should not rely on a product that implements only one authentication process, in this case SMS, because changing to another authentication process would then mean changing the complete software. The complete backend. The vendor. Get a complete new solution.

Ever-lasting authentication with privacyIDEA

For this reason NetKnights relies on privacyIDEA. privacyIDEA is an authentication system that supports a broad variety of tokens, authentication devices and thus authentication technologies and processes. Of course privacyIDEA supports one time passwords via SMS and Email. But it also supports one time passwords by smartphone apps, challenge response mechanisms, many different kinds of OTP hardware devices, Yubikeys and also X.509 certificates and SSH keys.

A company which uses privacyIDEA has no problem with the NIST guideline. They can just enroll new token types for their users and smoothly change SMS tokens to smartphone apps, hardware tokens or Yubikeys. No software needs to be evaluated and replaced. No vendor needs to be contacted and no processes need to be changed.

This way privacyIDEA helps to reduce administrative costs and also reduces the TCO. NetKnights provides different levels of service level agreements for privacyIDEA. We also help with the integration of privacyIDEA into the company network and deliver the appropriate tokens.

Just ask us.


Safeword 2008 / SAM Express End of Life

Migrating SAMx provides a new chance

Safeword 2008 aka SAMx (SafeNet Authentication Manager Express) is going End-of-Life. SafeNet will stop providing support for SAMx by the end of 2017. In November 2016 (4 months from now!) they will already stop selling licenses for SAMx. I.e. if your company has 2000 SafeWord 2008 users and you need another 150 users, you will not be able to upgrade your license after 11/2016.


The end of Safeword/SAMx. New authentication devices and authentication methods provide you with a new chance.

But you may take the coming migration as your chance to open up to new methods of authentication. You may head for a new, modern and modular authentication solution!

Advantages of privacyIDEA

privacyIDEA is a sensible solution for your needs.


  • privacyIDEA supports all common HOTP and TOTP tokens. In addition it supports many other special devices like Yubikeys, Smartdisplayer OTP cards, SMS, smartphones etc.
  • privacyIDEA is open source with high class enterprise support by NetKnights. I.e. a privacyIDEA installation will never go end of life.
  • You do not need to license privacyIDEA by users. You rather buy the corresponding service level agreement, which fits your needs. We provide a 10% discount when migrating from Safeword 2008 to privacyIDEA!
  • With privacyIDEA there are different ways to run smooth migrations, without the need to switch all users at once. Read more about migrations.

We provide customers migrating from SAMx/Safeword 2008 a 10% discount when ordering a service level agreement for privacyIDEA until December 31st, 2016.

Order privacyIDEA now!

Read more about privacyIDEA.

privacyIDEA 2.13 with better PIN policy enforcement

privacyIDEA 2.13 was released. It features a better PIN policy enforcement and improved SMS handling. You can read more on the privacyIDEA blog.

Go and test privacyIDEA 2.13 or ask for an online demonstration. You may also book your personal two factor workshop to discuss and plan your scenarios. Secure your accounts by getting privacyIDEA 2.13 with a software warranty by choosing your preferred service level agreement.

New service and new prices for privacyIDEA SLA

Full Application Security Review


In addition to the continuous unit tests, code reviews and integration tests NetKnights is going to conduct a full application security review on the OTP and two factor authentication system privacyIDEA. This review will be done by prestigious external security experts. Moreover, it is planned to renew parts of this review on a regular basis.

This way the transparent open source software privacyIDEA will become even more reliable and trustworthy. You as a customer get a better service and an even more stable installation. In addition you will get early and regular reports and documentation of patching of any findings.

NetKnights – securing your identity!

New Prices

In the course of this we will adapt the prices for the service level agreements by July 15th. The support level “Small Business” will be at 139€ and the support level “Enterprise” at 389€ per month. The support level “Provider”, which allows the parallel installation of unlimited privacyIDEA instances and is thus well designed for hosting providers, will cost 1399€ per month.

If you want to be up to date, please sign up for our newsletter.

privacyIDEA applies for Open Source Business Award


The German Open Source Business Award (also called OSBAR) is awarded by the Open Source Business Alliance. The Open Source Business Alliance is a German association of companies providing and working with Open Source solutions with about 200 members. The OSBAR is looking for innovative open source projects and ideas which provide a crucial benefit to companies and institutions of the public sector.


We believe that the open source project privacyIDEA covers these requirements. Compared to ordinary or classical OTP systems, privacyIDEA implements a lot of new ideas and thus allows for elegant solutions in your network.

This is why NetKnights applied with the project privacyIDEA for the Open Source Business Award. You may read the German application.

Two Factor Authentication with Event Handler Framework

privacyIDEA will provide an Event Handler Framework in the upcoming release 2.12.

Policies for Two Factor Authentication

Using policies you can already configure privacyIDEA in a very detailed and sophisticated manner. The administrator can define the behaviour of privacyIDEA. This way you can run privacyIDEA in many different scenarios and find a solution for all requirements. Policies change the authentication and authorization behaviour. The administrator can define security levels or perform an easy migration.


With the Event-Handler you get completely new possibilities. While policies change the behaviour of privacyIDEA, the Event-Handler does not: it starts completely new actions in response to events, without changing the behaviour defined by the policies.


The screenshot above shows an event definition for the event “token_init”. This is the event of initializing or enrolling a token. In addition to the way the token is initialized, now the action “sendmail” is triggered. The logic is implemented in the handler module “UserNotification”. The interesting thing is that such an action can be bound to any arbitrary event.


More Event Handler Modules

The first event-handler module to be shipped is the module “UserNotification”. More modules are about to follow. A module “Enrollment” could trigger an action to enroll a certain token type for a user, as a reaction to any kind of event!

This way you get unimagined possibilities to design new, creative configurations and workflows. Once more privacyIDEA proves that it is a modern, innovative and trend-setting authentication system.

Please sign up to our newsletter to always be up to date.

NetKnights at OpenRheinRuhr 2016

OpenRheinRuhr - A Pot Full of Software

5.11.-6.11.2016, Oberhausen. The OpenRheinRuhr is an open source conference in the so-called “Ruhrpott”, Germany. There are roughly 30 exhibitors but several parallel tracks of talks. You get a new coffee mug (in German a “Pott”) every year and a coffee flat rate. The exhibitor hall is a former industrial hall built from bricks. Very cool. Very cool? It is November, nevertheless there will be a BBQ in the evening.

This year NetKnights again is a sponsor of this event.


privacyIDEA 2.11 with RADIUS Migration on Univention Corporate Server

privacyIDEA on Univention Corporate Server

privacyIDEA 2.11 is now available on the Univention Corporate Server. Using authentication policies privacyIDEA can conditionally forward authentication requests to external RADIUS servers. This way you can set up easy migration scenarios for old, EOL OTP systems.

You can find more on the RADIUS forwarding in the release notes.

SLA and Subscription

privacyIDEA has already been available in the AppCenter of the Univention Corporate Server for a while. This platform provides easy installation, maintenance and updates. For running privacyIDEA on the Univention Corporate Server you need a valid service level agreement. You may get your personal test subscription here.

privacyIDEA 2.11 released for easy migration

Today privacyIDEA 2.11 was released. This new version allows easy migration if you are running an old, proprietary 3rd party OTP solution.

Read more about easy OTP system migration with privacyIDEA.

If you have a valid support contract, please do not hesitate to contact us with any questions.