In most cases, multi-factor authentication solutions limit companies in deciding which rules and mechanisms the user is subject to. "privacyIDEA" from NetKnights, on the other hand, is designed to give user companies maximum control rights. With version 3.6, the Kassel-based provider has significantly expanded these degrees of freedom.
Release 3.6 of privacyIDEA makes it possible to manage additional user attributes within privacyIDEA. Based on these, administrators can define policies for additional permissions. Also new in privacyIDEA 3.6: administrators can now use arbitrary token attributes as conditions in policies. These are additional ways for administrators to control privacyIDEA properties and define users' permissions.
New Attributes of Users and Tokens
privacyIDEA reads users and their attributes from LDAP directories, Active Directory or SQL databases. Until now, administrators always had to manage user attributes there as well. With privacyIDEA 3.6, administrators and users can now extend or even overwrite the attributes read from these sources directly within privacyIDEA.
This enables new workflows and scenarios for attribute-dependent permissions. For example, VPN connections that depend on user attributes can be influenced directly within privacyIDEA.
Administrators can now include token attributes such as token type, error counter, enabled/disabled, and other token properties as conditions in all policies. For example, some users may only delete disabled tokens, but not active tokens.
With the privacyIDEA Authenticator app, the push token type has been available since version 3.0 for authentication via simple confirmation on the smartphone, on both Android and iOS. In privacyIDEA 3.6 it is now possible to use the push token completely without the complex configuration of the Firebase push service. This allows for easier and faster configuration and can also be interesting for data protection reasons.
There are situations where the user needs to exchange a token. This can be the case when he changes his smartphone, when a TAN list is used up, when a newer hash algorithm is to be used or when the administrator decides that in the future the OTP value should have 8 digits instead of 6. With the new token rollover function, the user himself can perform this exchange in the self-service portal.
All other changes are detailed in the changelog on GitHub. In the same place, all components of privacyIDEA will be further developed as open source software under the AGPLv3 under the leadership of NetKnights GmbH.
The new version 3.6 of privacyIDEA is available now via the Python Package Index and in the community repositories for Ubuntu 16.04, 18.04 and 20.04. Additionally, NetKnights GmbH offers the Enterprise Edition with support for Ubuntu LTS, RHEL/CentOS and an appliance tool and performs custom development for special requirements.
privacyIDEA is an open source multi-client, multi-instance multi-factor authentication system. Development is done transparently on GitHub. Installations and updates are easily possible via the Python Package Index or via repositories for Ubuntu. A few weeks after the respective community major release, NetKnights GmbH publishes a stable enterprise release for Ubuntu LTS and RHEL/CentOS.
More information about the latest developments around privacyIDEA can be found in our news section.