Logo_UCS_certifiedprivacyIDEA version 2.7 is now available for Univention Corporate Server.

The two new big enhancements are support for U2F Token like the Daplug or the Yubikey and the signing of the JSON API.

You can register a U2F token for any user. Then the user or the administrator is able to authenticate with the U2F token easily and securely at the Web UI of privacyIDEA.

Some of the many new enhancements are:

When importing tokens you can choose a realm. This way all imported tokens get assigned to this realm immediately.

The audit log contains information, if a OTP value was used again. This helps the support members to identify problems with the login process of users and to solve this problems quickly and reliably.

You can easily install privacyIDEA from the Univention App Center.

privacyIDEA works well with the Univention Corporate Server. In a guest blog article on the Univention Blog Cornelius Kölbel describes how privacyIDEA increases Single Sign On Security with Two Factor Authentication.

As of now privacyIDEA 2.6 is available in the Univention App Center.

Two new outstanding features in privacyIDEA 2.6 are two token types.

4-Eyes-Principle or Two-Man-Rule


Using the 4-eyes token you can combine two or more physical tokens to one logical token. This way you can easily protect a sensible account using the 4-eyes-principle.

Only if both persons are available and provide each their secret password and his personal token, access will be granted.

This way you can comply with high security requirements, which are often used in financial area, medicine or trustcenters.

Simple Authentication with TiQR

The TiQR token provides an easy and smooth way for a single user to authenticate. Authentication is as easy as scanning a QR code with your smartphone. This functionality is also embeddind in privacyIDEA’s own web interface. Take  a look a the video in the Youtube-channel of privacyIDEA.

You can review the complete changelog of 2.6 at

To test privacyIDEA4UCS easily and quickly you can get a ready installed Appliance Image for VMWare ESX, KVM or Virtual Box.

The Image ist a ready installed Univention Corporate Server and a privacyIDEA system on top of it. The privacyIDEA RADIUS component is also installed. You are only asked to enter the IP address configuration and decide, if you want to automatically create a new domain or join an existing Active Directory.

The system will be configured after a shore time and you are ready to login to the Management UI and enroll your first tokens.

privacyIDEA4UCS Appliance is ideal, if you want to get a first glimpse really quickly. After a few minutes the system will be up an running. privacyIDEA4UCS itself is good, if you need professional support for the complete software stack, starting at the operating system up to the privacyIDEA application.

Here you can download the images. Please tell us your email address. We will only contact you once to ask for your feedback.

[contact-form-7 404 "Not Found"]

Please Note

If you choose to conect the privacyIDEA appliance to an existing Active Directory, no token administrators will be configured automatically. So you need to create some of your own like this:

  1. Login to the privacyIDEA machine as user root
  2. Run:
    source /opt/privacyidea/privacyidea-venv/bin/activate
    pi-manage admin add admin admin@localhost

    This will create a new token administrator and ask you for the password.

  3. You can then login with this account to create and manage tokens.

You can read a blog entry at Univention Blog about the history of strong authentication. What about Admiral James T. Kirk?