NetKnights improves adjustability

Kassel, September 4th 2019. The open source security specialist NetKnights has updated and significantly enhanced its multi-factor authentication software “privacyIDEA”. The new version offers more flexibility to define the rights of users – and administrators – more granularly. The migration of proprietary and legacy systems is significantly simplified.

With the version 3.1 of privacyIDEA it is possible to bind the guidelines for user rights to any user parameters, for example LDAP attributes. In addition, an automatic reassignment of already used tokens eases the migration of other 2FA systems once again significantly. The “old” token PIN of a user can also be automatically adopted without the intervention of the IT department.

More flexibility in the definition of policies

With privacyIDEA, the administrator can now define policies dependent on any attributes. Which attributes these are is defined in extensible modules; in version 3.1 the user module is included. That means, the administrator does not have to bind the policies as before to a complete user source, but can generate a different behavior within a user source and/or user group dependent on the respective LDAP attribute of a user by the policies. For example, a company can enforce that users with access to more sensitive data can only log on with a secure token type, or that users who do not have an e-mail address, for example, are denied certain functions.

At the same time, the new privacyIDEA further expands the separation of special read rights for administrators. The policies can be used to define which administrators or helpdesk staff are allowed to read some configurations or not. The administrators’ read rights on tokens have also been refined. They only have access to the keys assigned to them. This makes it even easier to map client scenarios.

Easier migration through automatic token assignment

privacyIDEA allows a smooth migration of proprietary legacy or 2FA systems. This is relevant when manufacturers stop the development of proprietary systems (“end-of-life”) or products no longer meet the requirements of users.

After the seed files of the old system tokens have been imported into privacyIDEA, the system can immediately assign the tokens to the user in privcayIDEA during the login attempt. At the same time privacyIDEA can set the old Token PIN automatically, without an employee from the IT or the user having to become active for this.

Many additional extensions

The RADIUS Token now supports Challenge-Response. The push token functionality has been enhanced. For example, an authentication request can wait with the response until the push message is confirmed. This facilitates the integration of the privacyIDEA push token into third-party products.

The TiQR token has been extended by several functions that make it more convenient to use. The function of the TiQR token is comparable to that of a push token. However, the challenge is not sent via the push service of a third-party manufacturer, but via a QR code that the user scans. 

The administrator can define a welcome message for the users in the privacyIDEA graphical user interface in order to guide new users better through the rollout process.

Email notifications can now include a variety of new placeholders to better customize the message to the situation. 

The privacyIDEA server can force a token in the privacyIDEA Authenticator App to be protected with a PIN.

Event handler events can now also be connected to the WebUI login.

 

A complete list of the changes can be found in the changelog at Github.

 

Availability

privacyIDEA 3.1 is now available via the public repositories for Ubuntu 16.04 and 18.04. The software can also be installed on any distribution using the Python Package Index.

Secure and trunstworthy authentication at Windows Desktop and Terminal Server

Today we release the version 2.5 of the privacyIDEA Credential Provider. The privacyIDEA Credential Provider requires a user to login to the Windows desktop or terminal server using a 2nd factor. The user could use his smartphone with a smartphone app, a one time password token, a Yubikey or Nitrokey to authenticate. As an alternative the authentication backend can also send an Email or text message, containing a one time code, to the user for login.

The authentication is done against the privacyIDEA authentication system. The administrator can manage and control all authentication devices in this very central location in the own company network.

Authentication under your control

The administrator can adapt the look and feel of the privacyIDEA Credential Provider according to the corporate design. Logos and text can be adapted to fit the authentication policies in your company.

The Credential Provider integrates seemlessly into an existing Windows network. It supports Network Level Authentication (NLA), User Access Control (UAC) and Over-The-Shoulder (OTS). The user can change his domain password during the login process and also during unlocking a locked desktop session.

privacyIDEA Credential Provider comes as an MSI package. Thus it can easily be enrolled using the preferred software deployment system and be installed on Windows 8, Windows 10, Server 2012 and 2016.

By authenticating against the privacyIDEA backend you get the free choice of which user should use which authentication device. Thus you gain the full control of the authentication processes in your organization.

New in der Version 2.5

The core new feature in version 2.5 is a challenge response authentication. This allows the user to also use one time codes sent via Email or SMS to authenticate to the Windows machine.

The privacyIDEA Credential Provider is available for download for registered customers. If you are interested in testing the software you can get a demo copy for an excessive test in your environment.

Kassel, September, 26th 2017. The World Wide Web Consortium (W3C) is implementing privacyIDEA for securing access to their infrastructure with a second factor. The privacyIDEA Authentication System was chosen due to its flexible nature and the possibility to allow a single sign on experience for the users.

The services and especially the users are distributed world wide. Shipping authentication devices centrally is not efficient. Allowing only one type of authentication object is not an option. For W3C this is a big advantage that privacyIDEA can manage many different token type of different vendors at the same time. The lean REST API allows easy integration into their own user portal. W3C connected privacyIDEA to their existing user management. Users will be able to choose if they want to self-enroll Smartphone-Applications or U2F devices. Depending on the device type users gain access to resources of different security levels.

“Working with NetKnights is very effective. They provide just the right amount of consultancy for us to be able to implement the open source software privacyIDEA into our network and in our workflows.” said Ted Guild, Head of W3C Systems. Cornelius Kölbel, CEO at NetKnights, added: “W3C stands for Web standards. So we are very happy that W3C chose privacyIDEA, as this is an open solution, which complies to an open development workflow and open standards.”

About the World Wide Web Consortium (W3C)

The mission of the World Wide Web Consortium (W3C) is to lead the Web to its full potential by creating technical standards and guidelines to ensure that the Web remains open, accessible, and interoperable for everyone around the globe. W3C standards HTML5 and CSS are the foundational technologies upon which all Web sites are built. For its work to make online videos more accessible with captions and subtitles, W3C received a 2016 Emmy Award.

W3C’s vision for “One Web” brings together thousands of dedicated technologists representing more than 400 member organizations and dozens of industry sectors. Organizationally, W3C is jointly run by the MIT Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) in the United States, the European Research Consortium for Informatics and Mathematics (ERCIM) headquartered in France, Keio University in Japan and Beihang University in China.

For more information see www.w3.org.

About NetKnights and privacyIDEA

NetKnights GmbH is located in Kassel, Germany. It is an independent IT Security firm, providing services and products in the fields of strong authentication, identity management and encryption. NetKnights employs the core developers of the modular authentication system privacyIDEA.

privacyIDEA is open source software and thus has not vendor defined end of life. Customers can own their privacyIDEA installation and use it without restrictions. NetKnights provides different subscription and support levels of privacyIDEA Enterprise Edition to meet the requirements of companies.

From October 10th-12th NetKnights presents privacyIDEA at the IT security fair it-sa in Nuremberg, Germany, at stand 10.1-208.