This year, the trade magazine “CIO Applications Europe” has chosen NetKnights as one of the TOP25 security companies. The editors emphasized the great success of Netknights meeting the individual needs of companies from different industries – for example the healthcare sector, where the privacyIDEA system cooperates with famos IT solutions such as Citrix, NetScaler, CiscoASA and also with many VPN and firewalls. Thus far, the print magazine is one of the leading IT media brands in Europe. Its rankings lay a special editorial focus on important technological innovations among various sectors.

Advancing further arguments for the election of Netknights, among others CIO Applications Europe especially mentioned the high transparency and flexibility of the 2FA solution: As open-source-based system privacyIDEA dedicates the complete ownership of the source code to its customers. Thus, administrators gain complete control adjusting the system.

As a modular system on-premise, privacyIDEA enables the installation of a highly secure environment for business data and identities – without sacrificing any functionality or flexibility. Concerning this matter, the CIO states:

„Holding an immense experience in identity management and authentication, NetKnights provides an array of relevant consulting services to deliver an optimal solution. NetKnights not only visits the customer’s premises to provide personalized consultancy but also conducts workshops to understand their requirements and design workflows. These consulting services range from the integration of hand-picked software into the client’s existing systems for the development of automation systems and connectors to streamline the workflows.”

Read the full article here

NetKnights GmbH will be at the Open Source Summit Paris on December 5 and 6, 2018. We will present the multi-factor authentication system privacyIDEA to the French audience and hear about the special requirements for a successful multi-factor authentication in France.

Visit us at booth D17.

Secure and trunstworthy authentication at Windows Desktop and Terminal Server

Today we release the version 2.5 of the privacyIDEA Credential Provider. The privacyIDEA Credential Provider requires a user to login to the Windows desktop or terminal server using a 2nd factor. The user could use his smartphone with a smartphone app, a one time password token, a Yubikey or Nitrokey to authenticate. As an alternative the authentication backend can also send an Email or text message, containing a one time code, to the user for login.

The authentication is done against the privacyIDEA authentication system. The administrator can manage and control all authentication devices in this very central location in the own company network.

Authentication under your control

The administrator can adapt the look and feel of the privacyIDEA Credential Provider according to the corporate design. Logos and text can be adapted to fit the authentication policies in your company.

The Credential Provider integrates seemlessly into an existing Windows network. It supports Network Level Authentication (NLA), User Access Control (UAC) and Over-The-Shoulder (OTS). The user can change his domain password during the login process and also during unlocking a locked desktop session.

privacyIDEA Credential Provider comes as an MSI package. Thus it can easily be enrolled using the preferred software deployment system and be installed on Windows 8, Windows 10, Server 2012 and 2016.

By authenticating against the privacyIDEA backend you get the free choice of which user should use which authentication device. Thus you gain the full control of the authentication processes in your organization.

New in der Version 2.5

The core new feature in version 2.5 is a challenge response authentication. This allows the user to also use one time codes sent via Email or SMS to authenticate to the Windows machine.

The privacyIDEA Credential Provider is available for download for registered customers. If you are interested in testing the software you can get a demo copy for an excessive test in your environment.

Today on August, 29th 2018 privacyIDEA 2.23 is released. Packages are available in the public Launchpad-Repositories for Ubuntu 14.04LTS and 16.04LTS. The Multi-Factor Authentication System privacyIDEA can also be installed via the Python Package Index on any other Distributionen.

Automated processes

Event Handlers were already added to privacyIDEA in Version 2.12. They enable the administrator, to connect any event to new actions like user notification, token management or any arbitrary script. If such an event occurrs, the defined action is triggered.

With version 2.23 these actions can now be triggered, before the originial event is processed. We distinguish Post-Event-Handling and Pre-Event-Handling. E.g. the administrator can define, that a user, who has no token assigned and tries to authenticate, gets a new token enrolled. And this newly enrolled token will be directly used during this authentication request. The logon experience for the user is totally transparent. There is no additional effort for the administrator.

This way a lot of tasks, which would otherwise be done manually or called by a script, will be executed automatically just at the right moment within privacyIDEA. This way the administrator can cope with unforeseen scenarios and can automate actions accordingly.

The Pre-Event-Handler ernolls a token for the user, if the user has no token, yet. This token is used in the very same authentication request.

Periodic tasks

In version 2.23 the administrator can define periodic, recurring tasks. Besides these can be used, to gather information about or from the privacyIDEA system. Several modules (“Event Counter”, “Simple Statistics”) are used to define, what should happen periodically.

E.g. using the Statistics Module the administrator can monitor the number of the available (not assigned) hardware tokens. This is often important, so that the administrator know, when he needs to reorder new hardware tokens.

The Event Counter module records how often a certain event has occurred. A simple scenario is to record the numter of failed authentication requests.

privacyIDEA saves all this information to time series. Using tools like Grafana you can plot this to relevant graphs.

Events – like authentication requests – can be recorded and view graphically in a timeline.

 

2FA for the masses

Two-Factor-Authentication is widely spread. A lot of services offer 2FA to their end users. But it is not always possible to use hardware devices. Not every user has a smartphone. Sometimes users to not want to pass their mobile number for SMS tokens – due to privacy concerns. There is not one solution for all. This is the strength of privacyIDEA, you can mix and match a lot of different token types.

With version 2.23 you also get the TAN token. The administrator now can import existing TAN lists into privacyIDEA. This way you can easily add authentication to a huge number of users and you can smoothly migrate from an existing TAN solution to privacyIDEA.

More at Github

You can find the complete Changelog at Github.

In a few weeks the NetKnights GmbH will release privacyIDEA Enterprise Edition 2.23.1. In addition it will be available for RHEL/CentOS 7 and the Univention Corporate Server.

NetKnights GmbH will attend the business fair and conference it-sa this year in October. Being a partner at the stand of ownCloud in Hall 10.0-428, NetKnights places its core competence of Multi Factor Authentication just at the right spot. Keeping your own data under your control is the job of ownCloud. Securing the access to that data is the job of NetKnights and the privacyIDEA ownCloud App. It allows a flexible, enterprise grade two factor authentication at the File Sync And Share solution from ownCloud.

New features in privacyIDEA

Within the privacyIDEA Authentication Server there are a lot of interesting new features.

We will present the upcoming version 2.23 of privacyIDEA. Two of the innovative new features are the Pre-Event-Handler and Monitoring and Statistics.

The administrator can use the Pre-Event-Handler to add additional task before e.g. an authentication request is processed. These tasks and the conditions can be configured completely flexible. The administrator could configure privacyIDEA this way, that before authenticating a user, this very user gets an Email token enrollend and assigned – without user or admin interaction. This is only one possible scenario to use the Pre-Event-Handler.

The Monitoring and Statsitics module can use data from the Event Counter and use periodic tasks to gather any possible metrics. Within a blink of an eye the administrator can define, which data he wants to collect and e.g. create a metric of failed authentication requests. External tools like Grafana can then be used to create graphs.

We continue to strive making privacyIDEA one of the most flexible Multi Factor Authentication systems in the market.

Check it out! Get your own personal date at the it-sa!

 

Today we released the privacyIDEA ownCloud App in version 2.4. Apart from improvements in the configuration we added a new important feature, which makes it possible to exclude some users from the two-factor authentication.

With or without two-factor authentication?

The privacyIDEA ownCloud App activates the two-factor authentication for all users in a company. The authentication will be proceed by the privacyIDEA server.

In some cases it could be interesting to give users access to ownCloud without a second factor. If these users exist local in ownCloud, this wasn’t possible yet. But in version 2.4 the administrator can define user groups, who do not need a second factor to login. This could be useful for guest users who do not have access to sensitive files. This will minimize the workflow, because it is not necessary to enroll a second factor for a simple and temporary guest user.

Configuration

In version 2.4 we revised the configuration for the privacyIDEA ownCloud App as well. The setup and connection to the own privacyIDEA system should be much more easier for the administrator. We added for example test buttons, so the administrator can check the configuration, before it will be activated.

Apart from this we expand the configuration dialog to different languages.

About the privacyIDEA ownCloud App

The privacyIDEA ownCloud App expands a two factor authentication to an existing ownCloud installation. The privacyIDEA plugin forwards the second step of own Cloud’s user login to the authentication system privacyIDEA. In this system the administrator can manage the second factors of the users and can regulate which user needs to login in which way. Because of privacyIDEA the users are able to use many methods to authenticate like key fob token, smartphones, apps, SMS, mail, yubikey, or U2F-devices.

You can find a complete changelog for the privacyIDEA ownCloud App here.

If you have more questions feel free to contact us.

Today we released the version 2.22.1 of the privacyIDEA Enterprise Edition.

If you want to know more about the major changes from 2.21 to this version 2.22.1 please read our previous blog post.

Bug Fixes

In version 2.22.1 bugs in the Web UI and server have been fixed:

  • Login with Challenge Response tokens to the WebUI was improved.
  • The PIN, serial and username handling in the rollout and assignmed was fixed.
  • Annoying output in the browser console was removed.
  • Added check for serial number present.
  • Fixed validation of OCRA and TiQR token.
  • Added retry to cope with HSM issues.
  • Fixed unicode in resolverconf database table with Oracle.
You can find a complete Changelog at github.

About the privacyIDEA Enterprise Edition

The Enterprise Edition is released as version 2.X.1 a few weeks after the public release of version 2.X and contains necessary bug fixes.

The Enterprise Edition of the privacyIDEA Authentication System addresses companies and organizations, that need a reliable and stable update process. It is available for Ubuntu 16.04LTS, CentOS7/RHEL7 and the Univention Corporate Server. It is also available as an Appliance, that allows e.g. a simple setup of a master master replication.

Please get in touch, if you want to learn more or if you want to test the Enterprise Edition.

Today we released the privacyIDEA Authenticator version 1.0. We fixed typos and added a German translation.

The privacyIDEA Authenticator is available via the Google Play Store.

About the privacyIDEA Authenticator

Using the privacyIDEA Authenticator the smartphones of your users become the factor of possession for a secure login. The privacyIDEA Authenticator creates one time passwords according to the HOTP or TOTP algorithms. It is compatible with the Google Authenticator. However, in conjunction with the privacyIDEA Authentication System the privacyIDEA Authenticator also allows for a secure enrollment process. Thus neither the user nor an attacker can simply copy the secret key of the app during the enrollment process.

In privacyIDEA 2.22 the flexibilty of using arbitrary user attributes in the RADIUS protocol was heavily improved. But there are a lot of other features and enhancements. You can find the complete article at privacyidea.org.

If a company or an organization wants to provide two factor authentication for thousands of users they are faced with totally new challenges.

Users will not come to the administrators desk. The administrator will not enroll a hardware token or initialize the user’s smartphone with the Google Authenticator on a per user basis. There are so many users, that the administrators or helpdesk users do not even know all the end users anymore. There must be a solution, that the enrollment process itself hands the authentication object to the user and ensures the identity of the user – preferably automatically!

Users might be spread over cities, countries – worldwide. They are ordinary end users and often not computer savvy. The rollout and the usage of two factor authentication should bother neither the end user nor the IT department too much.

Read more