Greetings. I’m currently using PrivacyIdea integrated with my Palo Alto GlobalProtect VPN on the frontend, and a Windows 2022 AD on the backend. Everything is working great, but I got sent an OTP from another company, and it gave me a great idea, and all of my googling isn’t quite getting me there.
What I can do:
email_challenge_text: Please enter the verification code sent to {email}.
GlobalProtect displays the text as expected, with the {email} from the user’s AD E-Mail field.
What I would really like to do: Other OTP notifications I get (from PAN, for example) display the email as US********@email.com, instead of USERNAME@email.com. When this message is displayed, the user has already entered their username and password, so the email address won’t be easily obtained by a nefarious actor, but displaying a partial email address, so the user knows which email address to look in for the OTP, would be amazing, and more secure.
I’m hoping I’m just missing something obvious. My other thoughts are to use another AD field to manually create these truncations, but I’d much rather modify the email_challenge_text than every AD account.
Plus it seemed kind of cool.
Anyway, thought I’d ask, plus it was a good excuse to join the community.
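
The masking described in the post, sketched as an added example; it is not part of the original post and not privacyIDEA code. The function names, the two visible characters and the fixed eight-character mask are assumptions chosen to reproduce the US********@email.com form, and whether privacyIDEA can apply such a transform to {email} is not established here.

```python
MASK = "*" * 8  # fixed width (assumption) so the mask does not leak the local-part length


def mask_email(address: str, visible: int = 2) -> str:
    """Mask the local part of an address: USERNAME@email.com -> US********@email.com."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        # Not a usable address: show nothing rather than echo raw directory data.
        return MASK
    # Reveal at most half of the local part, so one- and two-character
    # mailboxes are not disclosed in full.
    shown = min(visible, len(local) // 2)
    return f"{local[:shown]}{MASK}@{domain}"


def render_challenge(template: str, email: str) -> str:
    """Substitute a masked address for the {email} tag in a challenge text.

    Plain replacement is used instead of str.format so that other tags or
    stray braces in the template are left untouched.
    """
    return template.replace("{email}", mask_email(email))


if __name__ == "__main__":
    # Constructed sample input, taken from the wording in the post.
    text = "Please enter the verification code sent to {email}."
    print(render_challenge(text, "USERNAME@email.com"))
```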