
privacyIDEA 2.20.1 Enterprise Edition released

Today we released the stable version 2.20.1 of the privacyIDEA Enterprise Edition.

The Enterprise Edition as version 2.X.1 is released a few weeks after the corresponding major public release and contains necessary bug fixes. We already wrote about version 2.20.

Version 2.20.1 now fixes some minor bugs:

  • When using a PostgreSQL database, the administrator can now filter for the data as expected.
  • During enrollment the default realm will be set as default in the UI.
  • Errors with PassOnNoUser and PassOnNoToken were fixed.
  • The genkey parameter during enrollment was consolidated.

The Enterprise Edition of the Multi-Factor-Authentication system privacyIDEA is meant for enterprises and organizations that need a reliable update process. It is available for Ubuntu 14.04LTS, Ubuntu 16.04LTS, CentOS7, RHEL7 and the Univention Corporate Server.


Federated authentication with privacyIDEA 2.20

Today we released privacyIDEA 2.20. Packages are publicly available in the Launchpad repositories for Ubuntu 14.04LTS and 16.04LTS. You can also install the new version via the Python Package Index on any other distribution.

New Features in privacyIDEA

Federation-Handler

The new federation handler allows authentication requests to be forwarded to sibling privacyIDEA instances.

This way you can set up network structures where branches of an enterprise or sub-organizations run their own privacyIDEA instance under their own control. Authentication requests are handled by a central privacyIDEA instance and forwarded to the corresponding instance, where the user and the user's tokens are managed.

This way business divisions, departments or subcontractors can manage the tokens of their own employees.

The federation handler also offers new possibilities and business models for service providers.

New token type OCRA and DisplayTAN

In version 2.20 we also added the basic token type OCRA and the special type DisplayTAN. The DisplayTAN is a hardware card which can communicate with a smartphone via Bluetooth LE. This way the OCRA challenge is sent to the card, the user can check the challenge data and the card will generate an OTP value as response.

OCRA is specified in RFC 6287. A common use case is signing bank transactions. This way a TAN (OTP value) can be generated in hardware, and this TAN totally depends on the transaction information. Thus privacyIDEA can be perfectly used to manage authentication and signing devices for banking scenarios. We already talked about this in a previous blog post.
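The following sketch shows why an OCRA TAN is bound to the transaction. It is an added example, not code from privacyIDEA or from the original post: it implements only the question-only case of RFC 6287, and the suite, the key, the sample transfer and the way the challenge is derived from the transaction (a SHA-1 digest of IBAN and amount) are assumptions made for illustration.

```python
import hashlib
import hmac

def ocra(suite: str, key: bytes, question: str) -> str:
    """OCRA response (RFC 6287) for suites whose only data input is a question."""
    _, crypto, data_input = suite.split(":")
    _, hash_name, digits = crypto.split("-")
    if len(data_input) != 4 or data_input[0] != "Q":
        raise ValueError("only question-only suites (e.g. QN08) are handled here")
    fmt, max_len = data_input[1], int(data_input[2:])
    if len(question) > max_len:
        raise ValueError("challenge longer than the suite allows")
    if fmt == "N":                      # decimal digits -> hex of the number
        q_hex = format(int(question), "x")
    elif fmt == "A":                    # alphanumeric -> hex of the bytes
        q_hex = question.encode("ascii").hex()
    elif fmt == "H":                    # already hex
        q_hex = question.lower()
    else:
        raise ValueError("unknown question format")
    q_bytes = bytes.fromhex(q_hex.ljust(256, "0"))   # right-pad to 128 bytes
    message = suite.encode("ascii") + b"\x00" + q_bytes
    mac = hmac.new(key, message, getattr(hashlib, hash_name.lower())).digest()
    offset = mac[-1] & 0x0F             # HOTP dynamic truncation
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** int(digits)).zfill(int(digits))

# Constructed sample values, not taken from the release notes.
SUITE = "OCRA-1:HOTP-SHA1-6:QH40"
KEY = b"12345678901234567890"           # RFC 6287 test key, never use in production

def transaction_challenge(iban: str, amount: str) -> str:
    """Assumed scheme: the challenge is the SHA-1 hex digest of the transaction."""
    return hashlib.sha1(f"{iban};{amount}".encode()).hexdigest()

def tan_for(iban: str, amount: str) -> str:
    return ocra(SUITE, KEY, transaction_challenge(iban, amount))

def verify(iban: str, amount: str, tan: str) -> bool:
    return hmac.compare_digest(tan_for(iban, amount), tan)

if __name__ == "__main__":
    tan = tan_for("DE00123456780000000001", "100.00")
    print("TAN for original transfer:", tan)
    print("same TAN, altered amount :", verify("DE00123456780000000001", "9100.00", tan))
```

A server that recomputes the TAN from the transaction it is about to execute rejects a TAN that was generated for different transaction data.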

Login with different login names

The LDAP resolver now allows a user to log in with different LDAP attributes. The administrator can specify the list of attributes which may be used as login names. This way a user can choose whether to log in with the sAMAccountName, the email address or a telephone number.

Authentication cache

The administrator can now define if and how long a successful authentication should be cached. This way it is possible to authenticate with the very same OTP value again for a certain amount of time. Yes, this is not the original idea of OTP. But certain specific applications may need such a functionality. This behaviour is specified in an authentication policy, which can also depend on time and client IP.

More functions

Many policies now allow resolvers to be used in the policy definition. This way the administrator can define the behaviour of privacyIDEA depending on user groups in detail.

During the rollout process of smartphone tokens, privacyIDEA displays a QR code to the user. If the user suspects that the QR code may also have been seen by an attacker, he can now immediately regenerate the QR code.

All event handler definitions can now be ordered to your needs. This way the administrator can precisely define the behaviour and reaction of privacyIDEA.

The conditions of event handlers may now contain times and time deltas.

Challenge Response tokens can now be used to unlock the UI.

While installing Ubuntu packages, a PGP key pair is generated. The public PGP key can be easily used to encrypt the seed files before importing tokens.

You can find a complete changelog at Github.

Enterprise Edition and Consultancy

NetKnights provides consulting and support with the privacyIDEA Enterprise Edition. Using Open Source you optimize your total cost of ownership, since there are no external limitations which dictate how long or short you may use the software. Getting the privacyIDEA Enterprise Edition including an SLA you get the warranty and thus operating safety.

You want to stay tuned? Please subscribe to our newsletter!

You want to know more? Get in touch!

 


privacyIDEA 2.19.1 on Univention Corporate Server

The Enterprise Version 2.19.1 of privacyIDEA is now available on the Univention Corporate Server. With version 2.19.1 privacyIDEA is now available on the Univention Corporate Server 4.2. Customers can easily upgrade from UCS 4.1 with privacyIDEA 2.18.1 to UCS 4.2 with privacyIDEA 2.19.1.

Besides the improvements in Univention Corporate Server 4.2 privacyIDEA 2.19.1 also comes with interesting improvements. These are the generic user cache, which can reduce the authentication time dramatically. Using policies the administrator can define which U2F devices may be registered and used by the users. A Token Janitor allows the administrator to find orphaned tokens and either disable or delete these. We already blogged about the complete new features in privacyIDEA 2.19.

Service Level Agreement and Subscription

privacyIDEA4UCS can be installed on the Univention Corporate Server quickly and easily via the Univention App Center. You can find further details on privacyIDEA4UCS on the product page and also get a test subscription. The normal service level agreement for privacyIDEA also entitles the customer to use privacyIDEA on the Univention Corporate Server.


privacyIDEA 2.18 – authentication and trust

Today privacyIDEA 2.18 was released. Packages are available in the Launchpad repository for Ubuntu 14.04LTS and 16.04LTS. Using the Python package index privacyIDEA can be installed on any distribution.

privacyIDEA manages certificate authorities

The flexible Open Source multi-factor-authentication system privacyIDEA comes with new features with regard to certificate authorities. In addition to OTP tokens, smartphones, email and SMS tokens, Yubikeys and Nitrokeys, privacyIDEA has improved the management capabilities for certificate tokens. The administrator can use a setup wizard to set up a local CA more easily. If a certificate token is revoked, the CRL will be created automatically. Using certificate templates it is easier for administrators and users to enroll the type of certificate which suits them best.

You can get more information from the privacyIDEA blog.

 

Further Enhancements

privacyIDEA 2.18 comes with a lot of further enhancements which will ease the work with your privacyIDEA installation. You should definitely take a look at the complete Changelog.

If your users are located in an LDAP directory you should check the settings of your LDAP resolver. The new version of privacyIDEA relies on a new version of the Python ldap3 module, and privacyIDEA can easily check the validity of the LDAP server certificate, thus mitigating the risk of man-in-the-middle attacks.

Enterprise Edition

NetKnights provides consulting and support with the privacyIDEA Enterprise Edition. Using Open Source you optimize your total cost of ownership, since there are no external limitations which dictate how long or short you may use the software. Getting the privacyIDEA Enterprise Edition including an SLA you get the warranty and thus operating safety.


privacyIDEA 2.17 on Univention Corporate Server

As of now privacyIDEA 2.17 is available on the Univention Corporate Server. We already wrote about the new features in privacyIDEA 2.17. Customers who rely on the Univention Corporate Server can now update to version 2.17 easily from the Univention App Center.

privacyIDEA Enterprise Edition Subscription

privacyIDEA 4 UCS has the same feature set as the native privacyIDEA. NetKnights provides the usual Enterprise Subscription Levels but also simple Update-Subscriptions.


privacyIDEA 2.17 – Improve Event Handling. Flexible triggering of SMS

privacyIDEA was released in version 2.17.

As always NetKnights provides consultancy and service level agreements for the privacyIDEA Enterprise Edition.

For more details on version 2.17 see the privacyIDEA blog.


privacyIDEA 2.16 – secure your data – flexible events

On November 10th privacyIDEA 2.16 was released.

New Main Features

privacyIDEA 2.16 comes with three new main features: Improved event handling, subscription management and improved hardware security module support. The hardware security module component was contributed by our partner AxiadIDS.

You can read more about the details in 2.16 on the project page.

Enterprise Edition

NetKnights provides consulting and support for privacyIDEA with the privacyIDEA Enterprise Edition. This way you can protect your investment and get the liability of a professional SLA.

 


privacyIDEA 2.14 released – Improved Event Handling and Encryption

Today privacyIDEA 2.14 was released. It supports the import of encrypted seed files. The event handler framework was improved in many ways.

Read more on the project website.


privacyIDEA 2.13 with better PIN policy enforcement

privacyIDEA 2.13 was released. It features a better PIN policy enforcement and improved SMS handling. You can read more on the privacyIDEA blog.

Go and test privacyIDEA 2.13 or ask for an online demonstration. You may also book your personal two factor workshop to discuss and plan your scenarios. Secure your accounts by getting privacyIDEA 2.13 with a software warranty by choosing your preferred service level agreement.


privacyIDEA 2.11 with RADIUS Migration on Univention Corporate Server

privacyIDEA on Univention Corporate Server

privacyIDEA 2.11 is now available on the Univention Corporate Server. Using authentication policies privacyIDEA can conditionally forward authentication requests to external RADIUS servers. This way you can set up easy migration scenarios for old, EOL OTP systems.

You can find more on the RADIUS forwarding in the release notes.

SLA and Subscription

privacyIDEA has already been available in the AppCenter of the Univention Corporate Server for a while. This platform provides easy installation, maintenance and updates. For running privacyIDEA on the Univention Corporate Server you need a valid service level agreement. You may get your personal test subscription here.