is there any chance to configure, that the Privacy IdeaWebsite can only be used with two factors, if a user has a second factor Token in his account active?
Sure, if he lost this token he can not login anymore, I know. But is it possible?
basically this mode uses privacyIDEA itself to log in. So if You have a user with a token and a pin, she needs these to log into privacyIDEA.
If You have the otppin=userstore policy set, she needs the userstore password and the OTP of the token.
The default for login_mode is userstore, so no OTP will be required to log in.