29. May 2020

Two-Factor Authentication at the Windows Desktop – Offline

The new version 3.0 of the privacyIDEA Credential Provider is available now. It allows easy authentication with push notifications via smartphone and offline functionality with HOTP tokens like the Yubikey.

privacyIDEA Credential Provider Version 3.0 available

As of today the new version 3.0 of the privacyIDEA Credential Provider is available. The privacyIDEA Credential Provider allows users to securely log on to a Windows desktop or terminal server with a second factor. The user can use a smartphone app, a one-time password token, Yubikeys or Nitrokeys. Alternatively, the authentication backend sends the user an email or SMS with a one-time code for the login.

New in Version 3.0

The Credential Provider was completely revised in version 3.0 in C++. The new code structure now allows easier customization and faster release cycles.

In version 3.0 the following functions have been added:

Easy Push Authentication

Since version 3, the privacyIDEA backend supports authentication via push tokens, where the user only has to confirm the login by clicking on his smartphone. Now the push authentication is also seamlessly integrated in the credential provider for logging on to the Windows Desktop.

Realm-Mapping for complex scenarios

If users need to log on to multiple domains or multiple realms are managed in privacyIDEA, this is no longer a problem with the new credential provider. In the new version, the administrator can define a flexible mapping from Windows domains to privacyIDEA realms.

Offline: Failsafe and mobile users

The privacyIDEA Credential Provider now supports logon with HOTP tokens when the privacyIDEA server is not reachable. This is useful if the user wants to log on to his notebook with a smartphone HOTP token or with a Yubikey while on the road.

In order to be able to deal with network failures in critical scenarios, the administrator can now also define a privileged account with which the user can log on without authentication against privacyIDEA.


The privacyIDEA Credential Provider is available for download for registered customers. Interested users can evaluate the software in an extensive test phase. Please contact us to obtain a demo version.

About the privacyIDEA Credential Provider

The Credential Provider is installed on Windows client or server systems. During logon, it asks the user for a second factor in addition to the Windows password.

The authentication is carried out against the privacyIDEA backend, in which the administrator manages all user tokens at a central location on Premises.

The administrator can completely customize the appearance of the privacyIDEA Credential Provider to the corporate design. Logos and texts can be adapted according to the corporate design.
The privacyIDEA Credential Provider integrates seamlessly into the existing Windows landscape. It supports Network Level Authentication (NLA), User Access Control (UAC) and Over-The-Shoulder (OTS). The password can be changed both during logon and while unlocking a session.
privacyIDEA Credential Provider is available as a signed MSI package. Companies can thus easily install the software on Windows 8, Windows 10, Server 2012, 2016 and 2019 via their preferred software distribution system.
By authenticating against the privacyIDEA backend, which is available under an open source license and is also operated in the company’s own network, companies not only have freedom of choice when it comes to using the second factors, but also have full control over the entire logon process at all times.

Latest news
24. November 2023
Erfahrungsaustausch und Unkonferenz mit den privacyIDEA Experten
In November, NetKnights invited their customers to Kassel to talk about privacyIDEA. For a whole day, multi-factor authentication was discussed in the Villa Salve, near the famous Bergpark Wilhelmshöhe. The customer day was also a platform for customers to network with each other and get to know the faces behind privacyIDEA.
23. May 2023
Often not urgent - but important!
NetKnights hosts its third internal unconference in the countryside of Saxony-Anhalt.


Drücken Sie "Enter" zum Starten der Suche


Press "Enter" to start the search