https://xkcd.com/2522/

MFA System privacyIDEA

Developed by NetKnights

Ment so set customers free again!

How?

Flexibility

Centrally, on premises
  • enroll one token, use it everywhere

Centrally, on premises

  • support PAM, Credential Provider, RADIUS, LDAP, SAML2, OpenID Connect, REST, MIT/Kerberos
  • Plugins for FreeRADIUS, Credential Provider, PAM Stack, Web Apps like ownCloud, IdPs like simpleSAMLphp, Keycloak, Shibboleth, ADFS, Gluu

Connecting users

  • Connect existing users
  • via LDAP, AD, SQL, SCIM, HTTP, Flatfile
  • Conecpt of resolvers and realms

Token types and Token assignments

Email, SMS, App ... Yubikey, x509, FIDO2...

  • acceptance of the user. Allow for multiple and fallback tokens.
  • avoid technology or vendor Lock-in

Policies

define how the system behaves

Automation

Everything is REST

  • Configuring System, Manage 2nd factors (by admin), Selfservice (by user)
  • Single Page Application uses REST
  • Possibilities to integrate with REST into your own portals.

Event Handler

  • REST request happens
  • trigger a new action
Arbitrary Event Handlers

The obvious is often not the real problem!

How should we as a vendor know?

Migration

Migration and Integration
  • Move from an EOL Solution.
  • Reenrolling your tokens!
  • Open standards (HOTP) rock, Closed source (RSA SecurID) sucks.

Why today?

We need you!

Get in touch
  • Cornelius Kölbel
  • Project Lead privacyIDEA
  • Founder and CEO of NetKnights
  • cornelius.koelbel@netknights.it