Auto Enroll and Assign Users a token upon creation of a new user

bcredeur · March 12, 2024, 6:15pm

Hello!

I have created a PrivacyIdea server that automatically imports users via LDAP when the users are put in a specific group. This works great!

However, to make it as simple as possible for the end users I’ve basically decided I never want them to login to the PrivacyIDEA portal.

I would like to:

add the users by putting them in my aforementioned LDAP group
The users get put into PrivacyIDEA(henceforth referred to as “PI”) automatically because of the sync
PI then enrolls a TOTP token
Then it assigns that token to the user
User then gets an email with the QR Code needed to add the token to their device

This way, the admin can entirely manage everything. And first-time enrollment is pretty much handled automatically.

I have played around with some of the event handlers and policies, but cannot seem to figure out how to get this working? Is it even possible?

cornelinux · March 12, 2024, 6:42pm

privacyIDEA does not actively sync the users from LDAP.
It searches users in LDAP each time you request or search a useri in privacyIDEA.

So there is no “event” to hook your enrollment to. You need to come up which event would actually work out for you.

Then you can use the script handler and write your own script to enroll and mail the token.

bcredeur · March 13, 2024, 1:17pm

Thanks! I decided on assigning the tokens myself and using that event to send the email!