Select token based on client

Hello,

I’m trying to figure out if it is possible to have a user with multiple tokens and select a different token based on the client they are trying to authenticate with.

Specifically, I’d like the user to have an SMS token and use it only to log in to the privacyIDEA web interface, then create a TOTP token on his own and use it to log in to any other application, while still using the SMS token to log in to the web interface.

I’ve managed to configure the first part, but when the user creates his own TOTP token, every time they log in on any client they get sent an SMS and can use either of the two tokens.

Thank you,
Federico

Basically there is no way for the user to choose a tokentype.

But this can be possible depending on a lot of conditions or circumstances. I am not sure if, in your case, you will get the required result.
It will depend on:

  1. whether you are always doing challenge-response or not.
  2. an authorization policy like the tokentype or serial (7.4. Authorization policies — privacyIDEA 3.10dev1 documentation). However, I think the user in certain situations might still receive the SMS although he will not be able to authenticate with it.
  3. Depending on which application you are using, you could be able to use this policy: 7.4. Authorization policies — privacyIDEA 3.10dev1 documentation

Thanks for your answer! I’ll try to play with the options you presented and will share the results with the community.

This would really be needed, especially while using SMS and/or email.

The possibility to choose when to trigger it, as this results in costs in most services (with SMS gateways you pay per SMS and have limits; AWS SES, Mailgun and similar also charge you per email).