Authenticate Scope and choose token

I test privacyIDEA 3.5.2.
I have my first Policy with { “otppin”: “tokenpin” }
I create a second policy with an IP Client condition (the IP condition works) and I want to define which tokentype I will use.
If I have a user with 2 tokens, email and PUSH, with the same tokenpin, how do I choose the email token?
I have seen that I can authorize which tokentype, but I don’t want to authorize; I don’t want to receive a push notification, and authorize only email.
I searched with condition or event but I didn’t find anything; moreover, I pass through the radius Plugin.
An idea?


The default behaviour of privacyIDEA is to accept an authentication attempt by the user. If a user has more than one token, the user will “simply use” the token he wants to.
privacyIDEA will find out by itself which token was used and grant access.

If you need to have the user somehow “select” which token he is going to use (which imho is in 98% of the cases a totally unnecessary step), then you need to add a lot of complexity to the application/plugin like:

  • auth against privacyIDEA API
  • get the list of tokens of a given user
  • run a validate/check with the selected serial number

against simply

  • running validate/check
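The three-step flow listed in the answer above, as an added example (not code from the original posts or from the privacyIDEA project). It assumes a service account that is allowed to list the user's tokens; `make_transport`, `check_with_token_type` and the base URL are hypothetical names, and the transport is passed in so the selection logic can be exercised without a server.

```python
import json
import urllib.parse
import urllib.request


def make_transport(base_url):
    """HTTP transport for a privacyIDEA server; base_url is an assumption."""
    def call(method, path, params, auth_token=None):
        query = urllib.parse.urlencode(params)
        url = base_url.rstrip("/") + path
        data = None
        if method == "GET":
            url += "?" + query
        else:
            data = query.encode()
        req = urllib.request.Request(url, data=data, method=method)
        if auth_token:
            req.add_header("Authorization", auth_token)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return call


def check_with_token_type(call, svc_user, svc_pass, user, pin, tokentype):
    """Run validate/check against exactly one token of the wanted type.

    Hypothetical helper: svc_user must be allowed to list the user's tokens.
    """
    # Step 1: auth against the privacyIDEA API to obtain an auth token.
    auth = call("POST", "/auth", {"username": svc_user, "password": svc_pass})
    jwt = auth["result"]["value"]["token"]

    # Step 2: get the user's tokens and keep active ones of the wanted type.
    listing = call("GET", "/token/", {"user": user, "type": tokentype}, jwt)
    serials = [t["serial"] for t in listing["result"]["value"]["tokens"]
               if t.get("active") and t.get("tokentype") == tokentype]
    if len(serials) != 1:
        # Fail closed: never fall back to a user-wide check, which could
        # also address the user's other tokens (such as the push token).
        raise LookupError(f"expected one {tokentype} token, found {len(serials)}")

    # Step 3: validate/check with the serial instead of the user name, so
    # only this token receives the PIN.
    result = call("POST", "/validate/check", {"serial": serials[0], "pass": pin})
    return serials[0], result
```

Against a real server the first argument would be `make_transport("https://pi.example.com")` (placeholder URL); the response of step 3 is returned unmodified for the caller to evaluate.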

Thanks, I have to go through the Radius Plugin and choose the type of token. I will think of a solution with the radius “update request”.
Thank you so much.