hi,
i have setup privacyidea with simplesamlphp successfully. i am using a authproc filter. my question is, is it possible to only use 2 factor authentication for those users that actually have a second factor within the privacyidea database?
in the long run all users (~1000) should and will need both factors, but for the transition phase, it would be greate if that have not token registered yet, can still login.
I solved it as follows:
I gave the users that have to use 2factor authentication an attribute “2fa” with the value 1, the ones who don’t have to use 2fa got a value 0
In simplesamlphp/metadata/saml20-idp-hosted.php I added the lines