Version 2.15 of the Multi-Factor-Authentication system privacyIDEA supports the Nitrokey.

High Trust Level using the Nitrokey


The Nitrokey is an open USB device for authentication. It can be used as a PGP smartcard, password safe or OTP token. It is produced by our partner Nitrokey in Berlin, Germany. With the PGP smartcard you can, for example, sign and decrypt emails. The Nitrokey has 15 TOTP and 3 HOTP slots to work as a one-time password token.

privacyIDEA 2.15 uses this one-time password functionality. This way you can use the Nitrokey as a trustworthy OTP device with privacyIDEA. Via the Nitrokey App, available as a tray icon, the user can generate OTP values to authenticate against privacyIDEA. The secret key, which is used to generate the OTP values, is generated by privacyIDEA and stored safely on the Nitrokey. The secret key will never leave the Nitrokey. This way it is not possible to create a copy of the authentication device. You can use privacyIDEA with the Nitrokey on a very high trust and security level.

Improved RADIUS Integration into Firewalls and VPNs

The mapping of user attributes from users in LDAP, Active Directory or SQL databases was improved. The token administrator can define arbitrary user attributes to be used with privacyIDEA. Such attributes could be group memberships, IP addresses, devices, cost centers and many more.

Using a new policy, the token administrator can define whether user details are to be returned with successful authentication requests. The new RADIUS module is capable of reading these user details and mapping the user attributes to RADIUS response attributes. This is especially important for firewalls and VPNs. Firewall rules and subnetwork assignment often depend on such RADIUS attributes. This way the administrator can manage the behaviour of firewalls and VPNs via attributes within LDAP and mapping within privacyIDEA.

Download of privacyIDEA


With the privacyIDEA Enterprise Edition, NetKnights provides additional possibilities and services on top of the open source project privacyIDEA. In addition to extended warranty and maintained packages for CentOS/RHEL and the Univention Corporate Server, NetKnights also provides consulting, service and support with certain service level agreements to give you a secure enterprise solution you can rely on.