How to manage user enroll OTP?

In the present, we have a proceed as below:
Users login Privacy -> Enroll OTP -> VPN => But I see it is not secured
So I want to propose one more step:
“User must be actived by Admin” -> Users login Privacy ->-> Enroll OTP -> VPN
Please guide me how to made it.

Have a look at this
It should satisfy your desire for a more secure enrollment process…

1 Like

Thanks for reply @henry. But I mean in this case the user loses an account and the hacker uses that account to register the token? That is not very safe. Is there a way to allow users to register only once, if they lose the account, they need to contact the admin to be able to re-enroll the token?

Hello @duyphung
this is what we at NetKnights do consulting for. privacyIDEA provides myriads of ways to bring tokens to the user. This is an individual process.
One thing to help with it is the registration token.

thank you so much @cornelinux, i will read more about registration token, and try test it

I can do it now, thank you guys so much. Another problem is that every time user accesses to system, they will be enrolled one token, I want the new token after being given to the users, the old token must be disabled. Please guide me how to make it.

I found my answer in tab “policy”. Everything is clear now. Thank you guys !