I just managed to setup a basic working PrivacyIDEA with simpleSAMLphp and a LDAP backend for securing an instance of Nextcloud in the first place (following your tutorial " How to use Nextcloud with privacyIDEA", method 2). Now I would like to force some users to authenticate with two factors and some may be allowed to login just with their password. So is it possible to
a) have a group in LDAP and all the members must use 2FA but all others don’t need to
b) have a group in LDAP and all members don’t need to use 2FA but the whole rest of users must?
Could you give me some pointers in which direction I should investigate? Thanks!
By the way, PrivacyIDEA is an awesome piece of software, I’m just now delighted to have found it!