Posts

Today on August, 29th 2018 privacyIDEA 2.23 is released. Packages are available in the public Launchpad-Repositories for Ubuntu 14.04LTS and 16.04LTS. The Multi-Factor Authentication System privacyIDEA can also be installed via the Python Package Index on any other Distributionen.

Automated processes

Event Handlers were already added to privacyIDEA in Version 2.12. They enable the administrator, to connect any event to new actions like user notification, token management or any arbitrary script. If such an event occurrs, the defined action is triggered.

With version 2.23 these actions can now be triggered, before the originial event is processed. We distinguish Post-Event-Handling and Pre-Event-Handling. E.g. the administrator can define, that a user, who has no token assigned and tries to authenticate, gets a new token enrolled. And this newly enrolled token will be directly used during this authentication request. The logon experience for the user is totally transparent. There is no additional effort for the administrator.

This way a lot of tasks, which would otherwise be done manually or called by a script, will be executed automatically just at the right moment within privacyIDEA. This way the administrator can cope with unforeseen scenarios and can automate actions accordingly.

The Pre-Event-Handler ernolls a token for the user, if the user has no token, yet. This token is used in the very same authentication request.

Periodic tasks

In version 2.23 the administrator can define periodic, recurring tasks. Besides these can be used, to gather information about or from the privacyIDEA system. Several modules (“Event Counter”, “Simple Statistics”) are used to define, what should happen periodically.

E.g. using the Statistics Module the administrator can monitor the number of the available (not assigned) hardware tokens. This is often important, so that the administrator know, when he needs to reorder new hardware tokens.

The Event Counter module records how often a certain event has occurred. A simple scenario is to record the numter of failed authentication requests.

privacyIDEA saves all this information to time series. Using tools like Grafana you can plot this to relevant graphs.

Events – like authentication requests – can be recorded and view graphically in a timeline.

 

2FA for the masses

Two-Factor-Authentication is widely spread. A lot of services offer 2FA to their end users. But it is not always possible to use hardware devices. Not every user has a smartphone. Sometimes users to not want to pass their mobile number for SMS tokens – due to privacy concerns. There is not one solution for all. This is the strength of privacyIDEA, you can mix and match a lot of different token types.

With version 2.23 you also get the TAN token. The administrator now can import existing TAN lists into privacyIDEA. This way you can easily add authentication to a huge number of users and you can smoothly migrate from an existing TAN solution to privacyIDEA.

More at Github

You can find the complete Changelog at Github.

In a few weeks the NetKnights GmbH will release privacyIDEA Enterprise Edition 2.23.1. In addition it will be available for RHEL/CentOS 7 and the Univention Corporate Server.

NetKnights GmbH will attend the business fair and conference it-sa this year in October. Being a partner at the stand of ownCloud in Hall 10.0-428, NetKnights places its core competence of Multi Factor Authentication just at the right spot. Keeping your own data under your control is the job of ownCloud. Securing the access to that data is the job of NetKnights and the privacyIDEA ownCloud App. It allows a flexible, enterprise grade two factor authentication at the File Sync And Share solution from ownCloud.

New features in privacyIDEA

Within the privacyIDEA Authentication Server there are a lot of interesting new features.

We will present the upcoming version 2.23 of privacyIDEA. Two of the innovative new features are the Pre-Event-Handler and Monitoring and Statistics.

The administrator can use the Pre-Event-Handler to add additional task before e.g. an authentication request is processed. These tasks and the conditions can be configured completely flexible. The administrator could configure privacyIDEA this way, that before authenticating a user, this very user gets an Email token enrollend and assigned – without user or admin interaction. This is only one possible scenario to use the Pre-Event-Handler.

The Monitoring and Statsitics module can use data from the Event Counter and use periodic tasks to gather any possible metrics. Within a blink of an eye the administrator can define, which data he wants to collect and e.g. create a metric of failed authentication requests. External tools like Grafana can then be used to create graphs.

We continue to strive making privacyIDEA one of the most flexible Multi Factor Authentication systems in the market.

Check it out! Get your own personal date at the it-sa!

 

In privacyIDEA 2.22 the flexibilty of using arbitrary user attributes in the RADIUS protocol was heavily improved. But there are a lot of other features and enhancements. You can find the complete article at privacyidea.org.

If a company or an organization wants to provide two factor authentication for thousands of users they are faced with totally new challenges.

Users will not come to the administrators desk. The administrator will not enroll a hardware token or initialize the user’s smartphone with the Google Authenticator on a per user basis. There are so many users, that the administrators or helpdesk users do not even know all the end users anymore. There must be a solution, that the enrollment process itself hands the authentication object to the user and ensures the identity of the user – preferably automatically!

Users might be spread over cities, countries – worldwide. They are ordinary end users and often not computer savvy. The rollout and the usage of two factor authentication should bother neither the end user nor the IT department too much.

Read more

privacyIDEA was released in version 2.17.

As always NetKnights provides consultancy and service level agreements for the privacyIDEA Enterprise Edition.

For more details on version 2.17 see the privacyIDEA blog.

privacyIDEA will provide an Event Handler Framework in the upcoming release 2.12.

Policies for Two Factor Authentication

Using policies you can already configure privacyIDEA in a very detailed and sophisticated manner. The administrator can define the behaviour of privacyIDEA. This way you can run privacyIDEA in many differenz scenarios and find a solution for all requirements. Policies change the authentication and authorization behaviour. The administrator can define security levels or perform an easy migration.

Event-Handler

With the Event-Handler you get completely new possibilities. While policies change the behaviour of privacyIDEA, the Event-Handler does not change this, but starts completely new actions depending on events without changing the behaviour define by the policies.

 

event-handler-enThe screenshot above shows an event definition for the event “token_init”. This is the event of initializing or enrolling a token. In addition to the way the token is initialized, now the action “sendmail” is triggered. The logic is implemented in the handlermodule “UserNotification”. The interesting thing is, that such an action can be bound to any arbitrary event.

 

More Event-Handler-Module

The first event-handler module to be shipped is the module “UserNotification”. More modules are about to follow. A moduel “Enrollment” could trigger and action to enroll a certain token type for a user — as an reaction to any kind of event!

This way you get unimagined possibilities to design new, creative configurations and workflows. Once more privacyIDEA proves, that it is a modern, innovative and trend-setting authentication system.

Please sign up to our newsletter to always be up to date.