Brussels / 3 & 4 February 2018


Enroll 2FA to thousands of users with privacyIDEA

Automating processes with privacyIDEA

privacyIDEA is an Open Source Multi Factor Authentication System. It supports a wide variety of 2nd factor types like Smartphone Apps, key fob tokens, U2F, YubiKeys, Nitrokeys but also managing SSH keys and x509 certificates. Important features are several simple ways to automate processes and thus easily enroll, personalize or revoke authentication object in existing workflows.

privacyIDEA is a flexible two factor solution, which can integrate into any network. Users are read from any user repository like flat files, SQL databases, LDAP or Active Directory.


privacyIDEA runs as a central authentication server in your network. All actions can be accessed via a REST API.

E.g. to enroll a Smartphone App like the Google Authenticator an administrator would have to issue an authentication request to receive an authorization token:

http POST username=administrator password=********

Then the administrator you enroll a token:

http POST serial=123456 genkey=1 type=totp authorization:<authorizationtoken>

The request would aleady return a QR Code image to be scanned with the smartphone.

Of course privacyIDEA provides a modern UI based on bootstrap and Angular, but this API already gives you an idea about the possibilities of automation.

Event Handler

In addition to this privacyIDEA comes with extremly flexible event handler framework. This allows the administrator to hook new actions to any event. These actions may only trigger based under certain conditions. Triggered actions can be notifications, any kind of token events, federations with other privacyIDEA instances or any arbitrary shell script receiving certain parameters from privacyIDEA.

The talk will give you an idea, how you can use the privacyIDEA event handler framework to add privacyIDEA and 2FA management in your existing automated processes.


Photo of Cornelius Kölbel Cornelius Kölbel