Bypass OTP on authentication
9,819 views
Skip to first unread message
Raoul
Feb 1, 2017, 11:27:23 AM2/1/17
to privacyidea
Hi,
per default I want my users to connect using their password + OTP which is configured in a policy. For my monitoring application I could successfully bypass the required OTP by creating a new user without assigned token.
Is it also possible to create a policy for users with token to bypass OTP?
Thanks,
Raoul
Cornelius Kölbel
Feb 2, 2017, 5:13:53 AM2/2/17
to privacyidea
There are myriads of scenarios and workflows.
Yes.
It depends how you understand "bypass".Raoul
Feb 3, 2017, 9:51:34 AM2/3/17
to privacyidea
Yes, I can imagine and checked also probably only half of it as I couldn't think a good combination together.
By bypassing I mean to not ask for the OTP token even the user has an assigned token when he is connecting from a specific source ip.
Regards
cornelius.koelbel
Feb 3, 2017, 10:38:10 AM2/3/17
to privacyidea
Cornelius Kölbel
+49 151 2960 1417
-------- Ursprüngliche Nachricht --------
Von: "cornelius.koelbel" <corneliu...@netknights.it>
Datum: 03.02.17 16:37 (GMT+01:00)
An: Raoul <raoul...@gmail.com>
Betreff: AW: [privacyidea] Re: Bypass OTP on authentication
You could assign a 2nd spass token an use the token types in the authorization policy with IP addresses.
Kind regards
Cornelius
Cornelius Kölbel
+49 151 2960 1417
cornelius.koelbel
Feb 3, 2017, 11:17:54 AM2/3/17
to Raoul Thill, privacyidea
Great.
Can you tell: is there a certain spot where we need to improve the documentation?
Kind regards
Cornelius
Cornelius Kölbel
+49 151 2960 1417
-------- Ursprüngliche Nachricht --------
Von: Raoul Thill <raoul...@gmail.com>
Datum: 03.02.17 16:56 (GMT+01:00)
An: "cornelius.koelbel" <corneliu...@netknights.it>
Betreff: Re: [privacyidea] Re: Bypass OTP on authentication
Wow, great Friday afternoon, that worked immediately!
Thanks for this great idea to use the spass token.
Raoul
On Fri, Feb 3, 2017 at 4:37 PM, cornelius.koelbel <corneliu...@netknights.it> wrote:
You could assign a 2nd spass token an use the token types in the authorization policy with IP addresses.Kind regardsCorneliusCornelius Kölbel+49 151 2960 1417
-------- Ursprüngliche Nachricht --------Von: Raoul <raoul...@gmail.com>Datum: 03.02.17 15:51 (GMT+01:00)An: privacyidea <priva...@googlegroups.com>Betreff: [privacyidea] Re: Bypass OTP on authentication
--
Please read the blog post about getting help
https://www.privacyidea.org/getting-help/.
For professional services and consultancy regarding two factor authentication please visit
https://netknights.it/en/leistungen/one-time-services/
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/
---
You received this message because you are subscribed to a topic in the Google Groups "privacyidea" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/privacyidea/JJwYnU1G5e4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/90e0e792-4c12-4704-8fdf-7ef3eedc3f08%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages