Hello.
Can I configure PrivacyIdea so that all users will have an email token assigned by default? We’re looking for an MFA for OwnCloud, and PI seems like it has the flexibility I’d like, however having users first go to the PrivacyIdea server to select and set up their tokens is a bit advanced for most of them, which means lots of time sending IT to show them.
What I’d like to do is configure email tokens for all our LDAP users (via script/API if possible) so that they don’t have to.
Thanks.
So I discovered the sample scripts on GitHub to do this, and it worked okay. However, I found I couldn’t use a second realm with a filtered set of ldap users, at least not with OwnCloud’s PI plugin, which only allows you to specify one realm.
My plan is to give a certain subset of users only email tokens, and another subset a different selection of tokens. I was hoping to do this with realms, which seems like the correct way. I did create a realm that shows exactly the group of users I need.
When I use the create-default-tokens.py with —realm newrealm” it adds the token to PI, but when the user attempts to log in to OwnCloud they get a nasty 500 error back.
Has anyone else seen that problem before?
can you check what the logfile of privacyidea says?