We just released privacyIDEA admin client 2.5.
The admin client already provided an easy way to enroll a bunch of yubikeys by initializing them one after another. Running
privacyidea -U https://your.PI.server -a admin token yubikey_mass_enroll
you are able to plugin a yubikey, wait for the admin client to initilize it within a second pull it and plug in the next. Without even pressing a key. (Hit Ctrl-C when you are done). This would write all the otpkey material directly to the specified privacyIDEA system. This was the status quo. This way you are able to initialize hundrets of yubikeys just by plugging in and pulling out.
Anyway. In certain cases this would not work, since you might have no USB access on the machine, from which you are accessing the privacyIDEA server.
With privacyIDEA admin client 2.5 it is now possible to initilize a bunch of yubikeys without the privacyIDEA server available. The otpkeys will be written to a file which you can import to privacyIDEA later. Run
privacyidea token yubikey_mass_enroll --filename secrets.csv
and all the secret otp keys will be written to secrets.csv. (Please note, that this file is not encrypted and contains the new secret keys of the initilized yubikeys)
Now you can import the file to any privacyIDEA system.
2 thoughts on “privacyIDEA admin client for Yubikey mass enrollment”