Configuration for Email-Token with Challenge

Hello Community,
I have already spent some days trying to connect privacyIDEA for our company.
privacyIDEA is installed and running. I can create users and tokens.
We use apache2 as the web server.
We don't have LDAP or RADIUS.

Now here is my problem.
I can't manage to configure the whole system so that the following workflow is possible:

  • the user should call our website (example.com/admintool, the admintool only knows http)
  • the user then should see a dialog “please login”.
  • if the user exists in privacyIDEA, then an email with a one-time password should be sent to the user.
  • now another dialog “please enter PIN from email” should be shown.
  • if the one-time password is entered correctly, then the user should be forwarded to our admintool.

I tried many things and searched the internet, but I haven't found a solution.
Please give me detailed step-by-step instructions for what I have to do in privacyIDEA and in apache.
I must not spend more days on this feature.

Kind regards
Klaus