Companies working with credit card data need to comply to PCI DSS. In section 8.3 PCI DSS 3.0 requires the use of two factor authentication.

Modular Two Factor Authentication Solution privacyIDEA Enterprise Edition

privacyIDEA is a modular solution for two factor authentication especially with OTP tokens. It is multi-tenency- and multi-instance-capable. Due to the modular structure privacyIDEA can be quickly and easily adapted and enhanced. E.g. adding new token types is as simple as writing a new lean python module. You do not need to modify your network for privacyIDEA, it does not write to existing databases or user stores. It only needs read access to your user stores like LDAP, Active Directory, SQL, SCIM-service or flat files. Existing workflows can be enhanced without the need to modify them. Using its simple REST like API it can be automated and smoothly be integrated.

Enterprise Edition with Service Level Agreements

The privacyIDEA Enterprise Edition by NetKnights contains:

  • The vendors warranty for the software mitigating the “no-warranty” risk of the AGPLv3 or privacyIDEA open source.
  • Subscription to additional stable software packages of privacyIDEA for CentOS/RHEL and Univention Corporate Server.
  • Consultancy and prioritized feature requests.
  • Professional support and Service Level Agreements.

Customers Scenarios

We use privacyIDEA for customer projects to secure existing remote access like SSL VPNs. Using operating system clients the access to the operating system can also be secured accordingly. SAML authentication can get a second factor. privacyIDEA integrates well with other web based opensource products.

privacyIDEA is certified for the Univention Corporate Server. and available in the Univention App Center.

Your own privacyIDEA testing instance

Interested? Get your own privacyIDEA instance to test it for 30 days.

Supported Token Types

privacyIDEA supports all usual push-button-tokens, OTP cards and smartphone apps. The support for SafeNet eToken NG OTP and Yubikeys must be pointed out.
Both authentication devices can be initialized using privacyIDEA and thus the secret token seed is not known be the vendor or the distributor. privacyIDEA supports SSH keys and can manage the key assignments to your servers. In addition privacyIDEA can act as a CA for X.509 certificates.

Easy Migration of an old two factor authentication system to privacyIDEA


project website…