Hello everyone, I’m still a beginner with the Privacyidea software. I think it’s fantastic what Cornelius Kölbel and his team have achieved. I’ve now tried setting up a system in a test environment with a Windows server and an Ubuntu server. It works perfectly with the cp and the second factor. Now I want to offer an “emergency admin” the option to exclude him from the second factor. On the Windows server(in registry of cp), there’s the option to specify an exclude account. I’ve stored the emergency admin there. On the Privacyidea server, I’ve created an “exclude”-policy for this emergency admin. Unfortunately, the second factor is still always required for the emergency admin to log in. My policy is from the “Authentication” scope. Are “openpin (userstore)” and “passthru (userstore)” the correct actions if they should only log in with LDAP credentials? How can i solve this problem? Are there other possibilities? Thank you for your support!
Greetz Chris