Auto enroll SMS/EMAIL/TOTP

Hi All,

I’ve recently set up and configured privacyidea 3.6 for testing. I’m using an external LDAP to the mail or mobile attribute.
Users are forced to only have 1 type of OTP enabled, SMS/Email or TOTP.

I managed to create an event that will auto enroll a user for SMS OTPs.
[ Enroll SMS][ "validate_check", "validate_triggerchallenge" ] Token pre {"user_token_number":"0"} enroll { "dynamic_phone": "True", "sms_identifier": "SMS", "tokentype": "sms", "user": "True" }

I’m struggling to auto enroll the user for an Email OTP when the mobile attribute is not available, or even auto enroll for TOTP when the mobile and email attributes aren’t available.

I also integrated privacyidea with Keycloak and am using a trigger-admin for token enrollment.
[trigger_admin] admin { "enrollEMAIL": true, "enrollSMS": true, "enrollTOTP": true, "tokenlist": true, "triggerchallenge": true, "

Is something like this possible?


I managed to figure it out :)

Great! Would you mind sharing your insights?

Seems like I was smoking my own socks and got too excited. I’m still busy doing some testing using the Keycloak provider 0.5.1.

I did try to use the Keycloak provider 0.6.1, but it’s giving me some issues when I enable trigger challenge. I’ll dive into this at a later stage.