First of all, Thanks a lot for the tremendous work and efforts you’ve put in privacyIDEA! It’s such an awesome MFA system!
I’d like the new users,who have no tokens, to authenticate to the privacyIDEA webui using the userstore (their LDAP password in my case). Once a token is created, they should use their password + OTP token to authenticate.
Is it possible to set a period of time for how long users can only still their passwords before enforcing them to use their password + OTP token?