NetKnights opens up further options for its users to design and expand their security measures. With release 3.5, users can roll out PIV smartcards and have them attested by privacyIDEA. The user can then use these smartcards for logon or digital signatures.
Other new features in privacyIDEA 3.5 include the completely redesigned four-eye token, more flexible policies that include token properties, and enhancements to the web interface to make the work of corporate service desk staff easier.
New Authentication Methods
The “Multi-Challenge-Response” function introduced in the last version is now also used for the four-eye token. With this, the administrator can set how many users from defined groups must come together to log in jointly to an account requiring special protection. The workflow for this type of authentication has been completely revised, so that with every new challenge, more users are asked to authenticate themselves. This method also works transparently via the RADIUS protocol, so it can be used in standard scenarios such as logging on to a Citrix Netscaler or other VPN solutions.
When rolling out X.509 certificates, privacyIDEA can now additionally require that an attestation certificate be sent along with the request. This ensures that the certificate request was generated on a smartcard. This feature is a prerequisite for managing smartcards with privacyIDEA one day. This functionality has been successfully tested with the YubiKey. Thus, privacyIDEA now supports all relevant authentication mechanisms of the YubiKey: OTP, U2F, FIDO2 and X.509.
More convenient workflows for service desk staff and administrators in the Web UI
Since the previous version of privacyIDEA, a dashboard has provided administrators and service desk staff with an overview of the system. A new piece of information has now been added, namely the names of users who failed to authenticate. Clicking on these usernames takes the service desk employee directly to the details of the user and their tokens, so that they can reach a solution more quickly in the event of a support case.
In addition, the audit log contains all the signed information about what is happening in the system. As of Release 3.5, the administrator can define which data fields should be displayed to the service desk staff so that they are not overwhelmed by the flood of information but can find what they are looking for more quickly.
Further flexibility in policies
The conditions for the policies can now also contain any token properties. For example, the administrator can define that logins to systems that require special protection can only be made with hardware tokens, but not with software tokens.
You can find all changes in the changelog on GitHub. In the same place, all components of privacyIDEA are being further developed as open source software under AGPLv3 under the leadership of NetKnights GmbH.
The new version 3.5 of privacyIDEA is now available via the Python Package Index and in the community repositories for Ubuntu 16.04, 18.04 and now also 20.04. Additionally, NetKnights GmbH offers an Enterprise Edition with support for Ubuntu LTS and RHEL/CentOS and performs custom development for special requirements.
privacyIDEA is an open source multi-client, multi-instance multi-factor authentication system. Development is done transparently on GitHub. Installations and updates are easily possible via the Python Package Index or via repositories for Ubuntu. A few weeks after the respective community major release, NetKnights GmbH publishes a stable enterprise release for Ubuntu LTS and RHEL/CentOS.