Hi Sergey,
honestly the token enrollment wizard was developed together with a
customer...
...to get the most simple way for the user. This simple way excluded the
token pin.
Of course you are right. We could add more configuration policies to the
enrollment wizard to also allow
1. setting a PIN
2. or creating the random PIN
In case of "setting a PIN" I am not completely convinced. Because it
gets more complicated and the user will have to "understand" the UI. He
will have additional UI elements (PIN entry). So - he could soon use the
normal token enrollment, since it is only a bit more complex.
Hm, in case of "creating a random PIN" the user will not use this random
PIN. Because it sucks. So he will have to reset the PIN. So either we
return to 1 "setting a PIN" or we set a random PIN and than the user has
to reset this PIN. Argh. No.
I think there is a way to also use PIN + OTP with the enrollment wizard.
Just thinking this through, back and forth to get the best way of doing
it.
Kind regards
Cornelius
>
https://groups.google.com/d/msgid/privacyidea/9cc918ba-0c82-4b7c-bef3-de25220da692%40googlegroups.com.