Users Without QR Scanners

Hello privacyIDEA Community,

I have been working on a proof of concept using privacyIDEA as MFA for an OpenVPN solution. I have privacyIDEA installed alongside FreeRADIUS on Ubuntu 18.04 using the ready-made package (privacyidea-apache2).

While demonstrating privacyIDEA I was asked how users without QR scanners will be able to enroll tokens (TOTP). This was asked because the users are already using a Mac desktop app called Authy as a client to other MFA solutions. The company doesn’t provide smartphones to all employees either, hence no QR scanner.

I played around with the token enrollment process and found that I was able to pull the secret out of the link designed to add the token to Google Authenticator and then just use it to configure Authy. I was optimistic that I would be able to find a setting to enable this code to be shown along with the QR code; however, after searching I am unable to find it. I tried using show_seed; however, I was unsuccessful in displaying the code in text. This led me to believe that I am incorrect in show_seed’s behavior or did not do it correctly within my policy.

Is it possible to display the secret in text somehow when the user enrolls a token? If so, any assistance to point me in the right direction would be appreciated.

Thanks,

Hello and welcome to privacyIDEA,
the show_seed policy should work (see picture). Maybe you need to log out and back in again to apply the configuration.
Alternatively, you could change the template in static/components/token/views/token.enrolled.totp.html to always show the seed.

Yes, I see it now! I am sure it was there the whole time. The screenshot was helpful.

Thank you!