privacyIDEA on Univention Corporate ServerLogo_UCS_certified

privacyIDEA 2.14 is available on the Univention Corporate Server via the AppCenter. With 2.14 the Event-Handler-Framework was improved. Administrators can now import encrypted seed files – protecting the secret seeds even better. Performance for slow LDAP and Active Directory connections was improved.

Subscription and Testlicense

You can get a subscription for privacyIDEA4UCS or request your test license.


Today privacyIDEA 2.14 was released. It supports the import of encrypted seed files. The event handler framework was improved in many ways.

Read more on the project website.


NetKnights provides an enterprise ready two factor authentication for ownCloud via its own App. Authentication is performed against the centrally installed privcyIDEA authentication system.

Talk at Contributor Conference

Cornelius Kölbel will give a talk about the flexible two factor authentication for ownCloud using privacyIDEA at this years ownCloud Contributor Conference in Berlin from September 9th-15th, 2016.

Advantages by central management

One of the big advantages is, that employees only need on single second factor (possession). Using this centrally managed factor, the users not only can login to ownCloud. But they can also use this factor at more login scenarios. The 2nd factor can be used to login to Linux Desktops using PAM, to servers via SSH or to Windows Desktops using the privacyIDEA Credential Provider.

You may have read about the NIST, lately. NIST is updating its Digital Authentication Guideline.


NIST is the National Institute of Standards and Technologies. It is part of the Department of Commerce of the United States and works on standards which are met by several governmental institutions and and also companies. It is a physical laboratory and also deals with topics like earth quakes and fire protection. But also with standards in information technology. E.g., NIST played it’s role in defining the encryption protocols DES and AES.

Digital Authentication Guideline

Die Verwendung von SMS für Authentifizierung wird von NIST als veraltet eingestuft.

Die Verwendung von SMS für Authentifizierung wird von NIST als überholt eingestuft.

NIST now released a draft of its Digital Authentication Guideline. This guideline describes how to evaluate risks in authentication processes and also gives dedicated countermeasures and advices. Two factor authentication plays an important role.

The interesting and new part is, that the draft SP800-63B explicitly points out the risks of Out-Of-Band authentication using SMS (text messages). In section the usage of SMS is event denoted as deprecated!

OOB using SMS is deprecated, and may no longer be allowed in future releases of this guidance.

No authentication technology lasts forever

We do not want to start bashing SMS. But we should be very well aware, that no authentication technology is built for eternity or will withstand hackers forever. Technologies and processes we are using today may work very well – today. But tomorrow things may have changed and these technologies and processes may be easily bypassed by hackers.

The common conclusion should be: The used authentication technology or authentication process must be replacable. We should not rely on a product, that only implements one authentication process – in this case SMS. Because the effort if changing to another authentication process would mean changing the complete software. The complete backend. The vendor. Get a complete new solution.

Ever-lasting authentication with privacyIDEA

Due to this NetKnights relies on privacyIDEA. privacyIDEA is an authentication system, that supports a broad variety of tokens, authentication devices and thus authentication technologies and processes. Of course privacyIDEA supports one time passwords via SMS and Email. But it also supports one time passwords by smartphone apps, challenge response mechanisms, many different kind of OTP hardware devices, Yubikeys and also X.509 certificates and SSH keys.

A company which uses privacyIDEA has no problem with the NIST guideline. They can just enroll new token types for their users and smoothly change SMS tokens to smartphone apps, hardware tokens or Yubikeys. No software needs to be evaluated and replaced. No vendor needs to be contacted and no processes need to be changed.

This way privacyIDEA helps to reduce administrative costs and also reduces the TCO. NetKnights provides different level of service level agreemets for privacyIDEA. We also help with the integration of privacyIDEA into the company network and deliver the appropriate tokens.

Just ask us.


Migrating SAMx provides a new chance

Safeword 2008 aka SAMx (SafeNet Authentication Manage Express) is going End-of-Life. SafeNet will stop providing support for SAMx by the end of 2017. In November 2016 (4 months from now!) they already will stop selling licenses for SAMx. I.e. if your company has 2000 SafeWord 2008 users and you need another 150 users, you will not be able to upgrade your license after 11/2016.


The end of Safeword/SAMx. New authentication devices and authentication methods provide you with a new chance.

But you may take the coming migration as your chance to open to new methods of authentication. You may head for a new, modern and modular authentication solution!

Advantages of privacyIDEA

privacyIDEA is a sensible solution for your needs.


  • privacyIDEA supports all common HOTP and TOTP tokens. In addition it supports many other special devices like Yubikeys, Smartdispalyer OTP cards, SMS, smartphones etc.
  • privacyIDEA is open source with high class enterprise support by NetKnights. I.e. a privacyIDEA installation will never go end of life.
  • You do not need to license privacyIDEA by users. You rather buy the corresponding service level agreement, which fits your needs. We provide a 10% discount, when migration from Safeword 2008 to privacyIDEA!
  • With privacyIDEA there are different ways to run smooth migrations, without the need to switch all users at once. Read more about migrations.

We provide customers migrating from SAMx/Safeword 2008 a 10% discount when ordering a service level agreement for privacyIDEA till December, 31st, 2016.

Order privacyIDEA now!

Read more about privacyIDEA.

privacyIDEA 2.13 was released. It features a better PIN policy enforcement and improved SMS handling. You can read more on the privacyIDEA blog.

Go and test privacyIDEA 2.13 or ask for an online demonstration. You may also book your presonal two factor workshop to discuss and plan your scenarios. Secure your accounts by getting privacyIDEA 2.13 with a software warranty by choosing your preferred service level aggreement.

Full Application Security Review


In addition to the continuous unit tests, code reviews and integration tests NetKnights is going to conduct a full application security review on the OTP and two factor authentication system privacyIDEA. This review will be done by prestigious external security experts. Moreover, it is planned to renew parts of this review on a regular basis.

This way the transparent open source software privacyIDEA will become even more reliable and trustworthy. You as a customer get a better service and an even more stable installation. In addition you will get early and regular reports and documentation of patching of any findings.

NetKnights – securing your identity!

New Prices

In this course we will adapt the prices for the service level agreements by Juli 15th. The support level “Small Business” will be at 139€ and the support level “Enterprise” at 389€ per month. The support level “Provider”, which allows the paralllel installation of unlimited privacyIDEA instances and is thus well designed for hosting providers, will cost 1399€ per month.

If you want to be up to date, please sign in to our newletter.


The German Open Source Business Award (also called OSBAR) is awarded by the  Open Source Business Alliance. The Open Source Business Alliance in a German association of companies providing and working with Open Source solutions with about 200 members. The OSBAR is looking for innovative open source projects and ideas which provide a crucial benefit to companies and institutions of the public sector.


We believe that the open source project privacyIDEA covers these requirements. Compared to ordinary or classical OTP systems, privacyIDEA implements a lot of new ideas and thus allows for elegant solutions in your network.

This is why NetKnights applied with the project privacyIDEA for the Open Source Business Award. You may read the German application. privacyIDEA_OSBAR_2016