
privacyIDEA 2.20.1 Enterprise Edition released

Today we released the stable version 2.20.1 of the privacyIDEA Enterprise Edition.

The Enterprise Edition, as version 2.X.1, is released a few weeks after the corresponding major public release and contains necessary bug fixes. We already wrote about version 2.20.

Version 2.20.1 now fixes some minor bugs:

  • When using a PostgreSQL database, the administrator can now filter the data as expected.
  • During enrollment the default realm will be set as default in the UI.
  • Errors with PassOnNoUser and PassOnNoToken were fixed.
  • The genkey parameter during enrollment was consolidated.

The Enterprise Edition of the multi-factor authentication system privacyIDEA is meant for enterprises and organizations that need a reliable update process. It is available for Ubuntu 14.04LTS, Ubuntu 16.04LTS, CentOS7, RHEL7 and the Univention Corporate Server.


Federated authentication with privacyIDEA 2.20

Today we released privacyIDEA 2.20. Packages are publicly available in the Launchpad repositories for Ubuntu 14.04LTS and 16.04LTS. You can also install the new version via the Python Package Index on any other distribution.

New Features in privacyIDEA

Federation-Handler

The new federation handler allows authentication requests to be forwarded to sibling privacyIDEA instances.

This way you can set up network structures in which branches of an enterprise or sub-organizations run their own privacyIDEA instance under their own control. Authentication requests are handled by a central privacyIDEA instance and forwarded to the corresponding instance, where the user and the user’s tokens are managed.

This way business divisions, departments or subcontractors can manage the tokens of their own employees.

The federation handler also offers new possibilities and business models for service providers.

New token type OCRA and DisplayTAN

In version 2.20 we also added the basic token type OCRA and the special type DisplayTAN. The DisplayTAN is a hardware card that can communicate with a smartphone via Bluetooth LE. This way the OCRA challenge is sent to the card, the user can check the challenge data, and the card generates an OTP value as the response.

OCRA is specified in RFC 6287. A common use case is signing bank transactions. This way a TAN (OTP value) can be generated in hardware, and this TAN totally depends on the transaction information. Thus privacyIDEA can be perfectly used to manage authentication and signing devices for banking scenarios. We already talked about this in a previous blog post.
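How an OCRA response is tied to its challenge, as an added example (not part of the original post and not privacyIDEA's code). It implements only the RFC 6287 suite OCRA-1:HOTP-SHA1-6:QN08; the function names, key and challenges are sample values chosen for this illustration.

```python
import hashlib
import hmac

SUITE = "OCRA-1:HOTP-SHA1-6:QN08"  # only this RFC 6287 suite is implemented here


def ocra_response(key: bytes, challenge: str, suite: str = SUITE) -> str:
    """Compute the 6-digit response for a numeric challenge of up to 8 digits."""
    if not (challenge.isascii() and challenge.isdigit() and len(challenge) <= 8):
        raise ValueError("QN08 expects a numeric challenge of 1 to 8 digits")
    # RFC 6287: a numeric challenge is converted to hex and right-padded to 128 bytes.
    q_hex = format(int(challenge), "x").ljust(256, "0")
    data_input = suite.encode("ascii") + b"\x00" + bytes.fromhex(q_hex)
    mac = hmac.new(key, data_input, hashlib.sha1).digest()
    # Dynamic truncation as in HOTP (RFC 4226).
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**6).zfill(6)


def verify_tan(key: bytes, challenge: str, tan: str) -> bool:
    """Server side: recompute for the stored challenge and compare in constant time."""
    return hmac.compare_digest(ocra_response(key, challenge), tan)


if __name__ == "__main__":
    key = b"12345678901234567890"         # sample key, constructed for this example
    tan = ocra_response(key, "11111111")  # sample challenge standing in for transaction A
    print("TAN for challenge 11111111:", tan)
    print("accepted for the same challenge:", verify_tan(key, "11111111", tan))
    # A TAN produced for one transaction's challenge does not verify for another.
    print("accepted for challenge 22222222:", verify_tan(key, "22222222", tan))
```
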

Login with different login names

The LDAP resolver now allows a user to log in with different LDAP attributes. The administrator can specify the list of attributes that may be used as login names. This way a user can choose whether to log in with the sAMAccountName, the email address or a telephone number.

Authentication cache

The administrator can now define if and for how long a successful authentication should be cached. This way it is possible, for a certain amount of time, to authenticate with the very same OTP value again. Yes, this is not the original idea of OTP. But certain specific applications may need such functionality. This behaviour is specified in an authentication policy, which can also depend on time and client IP.

More functions

Many policies now allow resolvers to be used in the policy definition. This way the administrator can define the behaviour of privacyIDEA in detail, depending on user groups.

During the rollout process of smartphone tokens, privacyIDEA displays a QR code to the user. If the user suspects that the QR code may also have been seen by an attacker, he can now immediately regenerate the QR code.

All event handler definitions can now be ordered to your needs. This way the administrator can precisely define the behaviour and reaction of privacyIDEA.

The conditions of event handlers may now contain times and time deltas.

Challenge Response tokens can now be used to unlock the UI.

While installing Ubuntu packages, a PGP key pair is generated. The public PGP key can be easily used to encrypt the seed files before importing tokens.

You can find a complete changelog on GitHub.

Enterprise Edition and Consultancy

NetKnights provides consulting and support with the privacyIDEA Enterprise Edition. Using open source, you optimize your total cost of ownership because no external limitations dictate how long or short you may use the software. With the privacyIDEA Enterprise Edition including an SLA, you get the warranty and thus operating safety.

You want to stay tuned? Please subscribe to our newsletter!

You want to know more? Get in touch!

 


privacyIDEA 2.19.1 on Univention Corporate Server

The Enterprise Version 2.19.1 of privacyIDEA is now available on the Univention Corporate Server. With version 2.19.1 privacyIDEA is now available on the Univention Corporate Server 4.2. Customers can easily upgrade from UCS 4.1 with privacyIDEA 2.18.1 to UCS 4.2 with privacyIDEA 2.19.1.

Besides the improvements in Univention Corporate Server 4.2, privacyIDEA 2.19.1 also comes with interesting improvements of its own. These include the generic user cache, which can reduce the authentication time dramatically. Using policies, the administrator can define which U2F devices may be registered and used by the users. A Token Janitor allows the administrator to find orphaned tokens and either disable or delete them. We already blogged about the complete list of new features in privacyIDEA 2.19.

Service Level Agreement and Subscription

privacyIDEA4UCS can be installed on the Univention Corporate Server quickly and easily via the Univention App Center. You can find further details on privacyIDEA4UCS on the product page and also get a test subscription. The normal service level agreement for privacyIDEA also entitles the customer to use privacyIDEA on the Univention Corporate Server.


privacyIDEA 2.19 – Performance, U2F and secure Smartphone Apps

Today we released privacyIDEA 2.19. Packages are available in the Launchpad repositories for Ubuntu 14.04LTS and 16.04LTS. You can also install privacyIDEA on any Linux distribution using the Python Package Index.

New Features in privacyIDEA

Authentication performance

privacyIDEA 2.19 is up to 72% faster!

In lab tests privacyIDEA 2.19 shows improved performance. Authentication requests are up to 72% faster than in the previous version. This is also due to a new generic user cache. This user cache stores the link between login name and user object in the local SQL database. Thus time-consuming requests to the original user store, such as LDAP servers or Active Directory, become unnecessary.

Filter U2F devices for the users

Using policies, the administrator can define which types of U2F device the user is allowed to register. In further policies the administrator can also define which U2F types the users can use to authenticate to certain applications. This way the use of certain U2F devices can be denied in your company, or devices from specific vendors can be required for login to sensitive systems.

Secure smartphone apps with privacyIDEA

The classical smartphone app enrollment comes with several problems, which privacyIDEA 2.19 can solve.

In a previous blog post we already pointed out the limitations of the usual smartphone enrollment with the Google Authenticator. As a company or large organization you want to keep control over the enrollment processes of your users. Thus, in version 2.19 of privacyIDEA, a better rollout option was added. The smartphone and the privacyIDEA server perform a mutual key generation: each creates a component, and the secret key is generated from both components. This avoids easy copying of the QR codes.

Read more details in the privacyIDEA Blog.
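The mutual key generation described above, sketched as an added example (not part of the original post and not privacyIDEA's implementation). The PBKDF2 combination, the component sizes, the iteration count and all function names are assumptions made for this illustration; the post only states that both sides contribute a component.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 20         # bytes; assumed size, fits HMAC-SHA1 based OTP tokens
ITERATIONS = 10_000  # assumed PBKDF2 work factor for this example


def new_component(nbytes: int = KEY_LEN) -> bytes:
    """Each side draws its own random component from the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


def derive_token_key(server_component: bytes, phone_component: bytes) -> bytes:
    """Combine both components; neither one alone determines the result."""
    if not server_component or not phone_component:
        raise ValueError("both components are required")
    return hashlib.pbkdf2_hmac("sha1", server_component, phone_component,
                               ITERATIONS, dklen=KEY_LEN)


def enroll():
    """Simulate one rollout and return (phone_key, server_key, qr_payload)."""
    server_component = new_component()   # step 1: created by the server, shown in the QR code
    qr_payload = server_component.hex()  # everything a photo of the QR code reveals
    phone_component = new_component()    # created on the phone, never part of the QR code
    phone_key = derive_token_key(bytes.fromhex(qr_payload), phone_component)
    # Step 2 (assumed): the phone's component reaches the server on a separate path.
    server_key = derive_token_key(server_component, phone_component)
    return phone_key, server_key, qr_payload


if __name__ == "__main__":
    phone_key, server_key, qr = enroll()
    print("phone and server agree:", hmac.compare_digest(phone_key, server_key))
    # A second device that only has a copy of the QR code contributes its own
    # component and therefore ends up with a different key.
    copied = derive_token_key(bytes.fromhex(qr), new_component())
    print("key from copied QR matches:", hmac.compare_digest(copied, server_key))
```
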

More functions

Version 2.19 comes with further detail improvements, such as using the IP address or the browser user agent in the event handler framework. The date and time format was consolidated: the complete ISO date with timezone is now saved to the database. This greatly eases working across timezones in international setups.

You may want to take a look at the complete Changelog.

Enterprise Edition and Consultancy

NetKnights provides consulting and support with the privacyIDEA Enterprise Edition. Using open source, you optimize your total cost of ownership because no external limitations dictate how long or short you may use the software. With the privacyIDEA Enterprise Edition including an SLA, you get the warranty and thus operating safety.

 

You want to stay tuned? Please subscribe to our newsletter!

You want to test the system yourself? Register for a test instance!

You want to know more? Get in touch!


privacyIDEA 2.17 on Univention Corporate Server

As of now privacyIDEA 2.17 is available on the Univention Corporate Server. We already wrote about the new features in privacyIDEA 2.17. Customers who rely on the Univention Corporate Server can now easily update to version 2.17 from the Univention App Center.

privacyIDEA Enterprise Edition Subscription

privacyIDEA 4 UCS has the same feature set as the native privacyIDEA. NetKnights provides the usual Enterprise Subscription Levels but also simple Update-Subscriptions.


privacyIDEA 2.17 – Improve Event Handling. Flexible triggering of SMS

privacyIDEA was released in version 2.17.

As always NetKnights provides consultancy and service level agreements for the privacyIDEA Enterprise Edition.

For more details on version 2.17 see the privacyIDEA blog.


privacyIDEA 2.16 available on the Univention Corporate Server

privacyIDEA 2.16.1 is available on the Univention Corporate Server. Customers with a UCS subscription can now also update to version 2.16 and use the improved Event Handler and Web UI. In privacyIDEA4UCS we released patch level 2.16.1, which, in comparison to 2.16, also comes with a few LDAP improvements concerning redundancy and timeouts.

Different versions of subscription

There are two versions of subscription. The privacyIDEA Enterprise Edition also allows you to run privacyIDEA on the Univention Corporate Server with an unlimited number of users. The second version is the privacyIDEA4UCS Update Subscription, which allows the user to receive updates of privacyIDEA on the UCS. The privacyIDEA4UCS Update Subscription is only recommended for up to 50 users.


privacyIDEA 2.16 – secure your data – flexible events

On November 10th privacyIDEA 2.16 was released.

New Main Features

privacyIDEA 2.16 comes with three new main features: Improved event handling, subscription management and improved hardware security module support. The hardware security module component was contributed by our partner AxiadIDS.

You can read more about the details in 2.16 on the project page.

Enterprise Edition

NetKnights provides consulting and support for privacyIDEA with the privacyIDEA Enterprise Edition. This way you can protect your investment and get the liability of a professional SLA.