.. .. image:: https://circleci.com/gh/privacyidea/privacyidea/tree/master.svg?style=shield&circle-token=:circle-token
.. :alt: CircleCI
.. :target: https://circleci.com/gh/privacyidea/privacyidea
.. image:: https://codecov.io/gh/privacyidea/privacyidea/coverage.svg?branch=master
:target: https://codecov.io/gh/privacyidea/privacyidea?branch=master
.. .. image:: https://img.shields.io/pypi/dm/privacyidea.svg
.. :alt: Downloads
.. :target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://img.shields.io/pypi/v/privacyidea.svg
:alt: Latest Version
:target: https://pypi.python.org/pypi/privacyIDEA/#history
.. image:: https://img.shields.io/pypi/pyversions/privacyidea.svg
:alt: PyPI - Python Version
:target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://img.shields.io/github/license/privacyidea/privacyidea.svg
:alt: License
:target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://readthedocs.org/projects/privacyidea/badge/?version=master
:alt: Documentation
:target: http://privacyidea.readthedocs.org/en/master/
.. .. image:: https://codeclimate.com/github/privacyidea/privacyidea/badges/gpa.svg
.. :alt: Code Climate
.. :target: https://codeclimate.com/github/privacyidea/privacyidea
.. .. image:: https://api.codacy.com/project/badge/grade/d58934978e1a4bcca325f2912ea386ff
:alt: Codacy Badge
:target: https://www.codacy.com/app/cornelius-koelbel/privacyidea
privacyIDEA: Open-Source Multi-Factor Authentication
====================================================
privacyIDEA is an open-source MFA platform for orchestrating all your multi-factor authentication needs. Secure your entire stack with a flexible, self-hosted solution that puts you in control. As an on-premise platform, your sensitive user data always remains within your infrastructure.
Key Features
------------
* **Universal MFA:** Add a second factor to virtually any application—from SSH and VPNs to IdPs like Keycloak and web portals.
* **Extensive Factor Support:** Go beyond simple OTP. We support everything from cutting-edge Passkeys and push authentication to various OTP types.
* **Vendor-Agnostic:** Connect to your existing user stores (AD, LDAP, SQL, EntraID) without being locked into a specific ecosystem.
* **Truly Open:** Licensed under AGPLv3 to guarantee your software freedom, always.
Supported Authentication Factors
--------------------------------
* 🔑 **Passkeys & Hardware:** FIDO2/WebAuthn devices (like YubiKey, Plug-Up).
* 💳 **Smartcards (PIV/x509):** Connect to a Microsoft CA using the `ms-ca-service <https://github.com/privacyidea/ms-ca-service>`_ and enroll certificates directly to PIV-compatible devices with our `enrollment client for Windows <https://github.com/privacyidea/smartcard-client-windows>`_.
* 📱 **Software & Mobile:** Use the `privacyIDEA Authenticator <https://github.com/privacyidea/pi-authenticator>`_ for PUSH notifications, TOTP, and HOTP; for standard TOTP/HOTP, other apps like Google Authenticator are also compatible. TiQR is also supported.
* 📜 **Classic & Remote:** SMS, Email, SSH Keys, Security Questionnaires, and simple Registration Codes for easy rollout.
Seamless Integration
--------------------
Enhance the security of your existing infrastructure:
* **Operating Systems:** `Linux (PAM) <https://github.com/privacyidea/privacyidea-pam>`_, `Windows (Credential Provider) <https://github.com/privacyidea/privacyidea-credential-provider>`_
* **Identity Providers:** `Keycloak <https://github.com/privacyidea/keycloak-provider>`_, `ADFS <https://github.com/privacyidea/adfs-provider>`_, `Shibboleth <https://github.com/privacyidea/shibboleth-plugin>`_, `SimpleSAMLphp <https://github.com/privacyidea/simplesamlphp-module-privacyidea>`_
* **Remote Access:** VPNs with RADIUS (OpenVPN, Fortinet, Palo Alto), SSH
* **Web Applications:** Apache, Nginx, any web portal via our REST API.
* `nextCloud <https://github.com/privacyidea/privacyidea-nextcloud-app>`_, `ownCloud <https://github.com/privacyidea/privacyidea-owncloud-app>`_
* **and more...**
----
Join the Community
------------------
Have feedback, questions, or ideas? Join the discussion on our community forum:
https://community.privacyidea.org
Setup
=====
For setting up the system to *run* it, please read install instructions
at `privacyidea.readthedocs.io <http://privacyidea.readthedocs.io/en/latest/installation/index
.html>`_.
If you want to setup a development environment start like this::
git clone https://github.com/privacyidea/privacyidea.git
cd privacyidea
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
.. _testing_env:
You may additionally want to set up your environment for testing, by adding the
additional dependencies::
pip install -r tests/requirements.txt
You may also want to read the blog post about development and debugging at
https://www.privacyidea.org/privacyidea-development-howto/
Running it
==========
First You need to create a `config-file <https://privacyidea.readthedocs
.io/en/latest/installation/system/inifile.html>`_.
Then create the database tables and the encryption key::
./pi-manage create_tables
./pi-manage create_enckey
If You want to keep the development database upgradable, You should `stamp
<https://privacyidea.readthedocs.io/en/latest/installation/upgrade.html>`_ it
to simplify updates::
./pi-manage db stamp head -d migrations/
Create the key for the audit log::
./pi-manage create_audit_keys
Create the first administrator::
./pi-manage admin add <username>
Run it::
./pi-manage run
Now you can connect to http://localhost:5000 with your browser and login
as administrator.
Run tests
=========
If you have followed the steps above to set up your
`environment for testing <#testing-env>`__, running the test suite should be as
easy as running `pytest <http://pytest.org/>`_ with the following options::
python -m pytest -v --cov=privacyidea --cov-report=html tests/
Contributing
============
There are a lot of different ways to contribute to privacyIDEA, even
if you are not a developer.
If you found a security vulnerability please report it to
security@privacyidea.org.
You can find detailed information about contributing here:
https://github.com/privacyidea/privacyidea/blob/master/CONTRIBUTING.md
Code structure
==============
The database models are defined in ``models.py`` and tested in
tests/test_db_model.py.
Based on the database models there are the libraries ``lib/config.py`` which is
responsible for basic configuration in the database table ``config``.
And the library ``lib/resolver.py`` which provides functions for the database
table ``resolver``. This is tested in tests/test_lib_resolver.py.
Based on the resolver there is the library ``lib/realm.py`` which provides
functions
for the database table ``realm``. Several resolvers are combined into a realm.
Based on the realm there is the library ``lib/user.py`` which provides functions
for users. There is no database table user, since users are dynamically read
from the user sources like SQL, LDAP, SCIM or flat files.
Subscriptions and limitations of community edition
==================================================
Using privacyIDEA Server and the privacyIDEA FreeRADIUS plugin there is technically no
limitation of the community edition or the code in this repository.
Admins will receive a welcome message about possible support, if more than 50 users
are enrolled.
Plugins
-------
The privacyIDEA project also provides several plugins for 3rd party applications like SSO Identity Providers
or Windows Login.
Plugins can be limited in the number of users. I.e. the plugin will complain, if the total number of users
in privacyIDEA with an active token exceeds a certain limit. There is a certain base number of users, with which
the plugin will work. To enhance this number, you will need a subscription. In some cases an additional
demo subscription can be found in the release list of the corresponding github plugin repository,
you can get a subscription from the company NetKnights
or if you have a very good understanding of this Open Source code, you could create a subscription on your own.
==================== ============== ========================
Plugin Number of users
-------------------- ----------------------------------------
Name contained in demo subscription
==================== ============== ========================
Keycloak 10000 N/A
SimpleSAMLphp 10000 N/A
Shibboleth 10000 N/A
ADFS 50 50
privacyIDEA PAM 10000 N/A
Credential Provider 50 50
nextCloud 50 N/A
ownCloud 50 N/A
LDAP proxy 50 N/A
==================== ============== ========================
Versioning
==========
privacyIDEA adheres to `Semantic Versioning <http://semver.org/>`_.
Raw data
{
"_id": null,
"home_page": null,
"name": "privacyIDEA",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": "Cornelius K\u00f6lbel <cornelius@privacyidea.org>",
"keywords": "OTP, two-factor authentication, management, security, 2fa, mfa",
"author": null,
"author_email": "Cornelius K\u00f6lbel <cornelius@privacyidea.org>",
"download_url": "https://files.pythonhosted.org/packages/56/87/20529970d44eda1e276744ef77abefc6e470378eb7eafea5a7991d5f6757/privacyidea-3.12.1.tar.gz",
"platform": null,
"description": ".. .. image:: https://circleci.com/gh/privacyidea/privacyidea/tree/master.svg?style=shield&circle-token=:circle-token\n.. :alt: CircleCI\n.. :target: https://circleci.com/gh/privacyidea/privacyidea\n\n.. image:: https://codecov.io/gh/privacyidea/privacyidea/coverage.svg?branch=master\n :target: https://codecov.io/gh/privacyidea/privacyidea?branch=master\n\n.. .. image:: https://img.shields.io/pypi/dm/privacyidea.svg\n.. :alt: Downloads\n.. :target: https://pypi.python.org/pypi/privacyIDEA/\n\n.. image:: https://img.shields.io/pypi/v/privacyidea.svg\n :alt: Latest Version\n :target: https://pypi.python.org/pypi/privacyIDEA/#history\n\n.. image:: https://img.shields.io/pypi/pyversions/privacyidea.svg\n :alt: PyPI - Python Version\n :target: https://pypi.python.org/pypi/privacyIDEA/\n\n.. image:: https://img.shields.io/github/license/privacyidea/privacyidea.svg\n :alt: License\n :target: https://pypi.python.org/pypi/privacyIDEA/\n\n.. image:: https://readthedocs.org/projects/privacyidea/badge/?version=master\n :alt: Documentation\n :target: http://privacyidea.readthedocs.org/en/master/\n\n.. .. image:: https://codeclimate.com/github/privacyidea/privacyidea/badges/gpa.svg\n.. :alt: Code Climate\n.. :target: https://codeclimate.com/github/privacyidea/privacyidea\n\n.. .. image:: https://api.codacy.com/project/badge/grade/d58934978e1a4bcca325f2912ea386ff\n :alt: Codacy Badge\n :target: https://www.codacy.com/app/cornelius-koelbel/privacyidea\n\nprivacyIDEA: Open-Source Multi-Factor Authentication\n====================================================\n\nprivacyIDEA is an open-source MFA platform for orchestrating all your multi-factor authentication needs. Secure your entire stack with a flexible, self-hosted solution that puts you in control. As an on-premise platform, your sensitive user data always remains within your infrastructure.\n\nKey Features\n------------\n\n* **Universal MFA:** Add a second factor to virtually any application\u2014from SSH and VPNs to IdPs like Keycloak and web portals.\n* **Extensive Factor Support:** Go beyond simple OTP. We support everything from cutting-edge Passkeys and push authentication to various OTP types.\n* **Vendor-Agnostic:** Connect to your existing user stores (AD, LDAP, SQL, EntraID) without being locked into a specific ecosystem.\n* **Truly Open:** Licensed under AGPLv3 to guarantee your software freedom, always.\n\nSupported Authentication Factors\n--------------------------------\n\n* \ud83d\udd11 **Passkeys & Hardware:** FIDO2/WebAuthn devices (like YubiKey, Plug-Up).\n* \ud83d\udcb3 **Smartcards (PIV/x509):** Connect to a Microsoft CA using the `ms-ca-service <https://github.com/privacyidea/ms-ca-service>`_ and enroll certificates directly to PIV-compatible devices with our `enrollment client for Windows <https://github.com/privacyidea/smartcard-client-windows>`_.\n* \ud83d\udcf1 **Software & Mobile:** Use the `privacyIDEA Authenticator <https://github.com/privacyidea/pi-authenticator>`_ for PUSH notifications, TOTP, and HOTP; for standard TOTP/HOTP, other apps like Google Authenticator are also compatible. TiQR is also supported.\n* \ud83d\udcdc **Classic & Remote:** SMS, Email, SSH Keys, Security Questionnaires, and simple Registration Codes for easy rollout.\n\nSeamless Integration\n--------------------\n\nEnhance the security of your existing infrastructure:\n\n* **Operating Systems:** `Linux (PAM) <https://github.com/privacyidea/privacyidea-pam>`_, `Windows (Credential Provider) <https://github.com/privacyidea/privacyidea-credential-provider>`_\n* **Identity Providers:** `Keycloak <https://github.com/privacyidea/keycloak-provider>`_, `ADFS <https://github.com/privacyidea/adfs-provider>`_, `Shibboleth <https://github.com/privacyidea/shibboleth-plugin>`_, `SimpleSAMLphp <https://github.com/privacyidea/simplesamlphp-module-privacyidea>`_\n* **Remote Access:** VPNs with RADIUS (OpenVPN, Fortinet, Palo Alto), SSH\n* **Web Applications:** Apache, Nginx, any web portal via our REST API.\n* `nextCloud <https://github.com/privacyidea/privacyidea-nextcloud-app>`_, `ownCloud <https://github.com/privacyidea/privacyidea-owncloud-app>`_\n* **and more...**\n\n----\n\nJoin the Community\n------------------\n\nHave feedback, questions, or ideas? Join the discussion on our community forum:\nhttps://community.privacyidea.org\n\nSetup\n=====\n\nFor setting up the system to *run* it, please read install instructions\nat `privacyidea.readthedocs.io <http://privacyidea.readthedocs.io/en/latest/installation/index\n.html>`_.\n\nIf you want to setup a development environment start like this::\n\n git clone https://github.com/privacyidea/privacyidea.git\n cd privacyidea\n virtualenv venv\n source venv/bin/activate\n pip install -r requirements.txt\n\n.. _testing_env:\n\nYou may additionally want to set up your environment for testing, by adding the\nadditional dependencies::\n\n pip install -r tests/requirements.txt\n\nYou may also want to read the blog post about development and debugging at\nhttps://www.privacyidea.org/privacyidea-development-howto/\n\nRunning it\n==========\n\nFirst You need to create a `config-file <https://privacyidea.readthedocs\n.io/en/latest/installation/system/inifile.html>`_.\n\nThen create the database tables and the encryption key::\n\n ./pi-manage create_tables\n ./pi-manage create_enckey\n\nIf You want to keep the development database upgradable, You should `stamp\n<https://privacyidea.readthedocs.io/en/latest/installation/upgrade.html>`_ it\nto simplify updates::\n\n ./pi-manage db stamp head -d migrations/\n\nCreate the key for the audit log::\n\n ./pi-manage create_audit_keys\n\nCreate the first administrator::\n\n ./pi-manage admin add <username>\n\nRun it::\n\n ./pi-manage run\n\nNow you can connect to http://localhost:5000 with your browser and login\nas administrator.\n\nRun tests\n=========\n\nIf you have followed the steps above to set up your\n`environment for testing <#testing-env>`__, running the test suite should be as\neasy as running `pytest <http://pytest.org/>`_ with the following options::\n\n python -m pytest -v --cov=privacyidea --cov-report=html tests/\n\nContributing\n============\n\nThere are a lot of different ways to contribute to privacyIDEA, even\nif you are not a developer.\n\nIf you found a security vulnerability please report it to\nsecurity@privacyidea.org.\n\nYou can find detailed information about contributing here:\nhttps://github.com/privacyidea/privacyidea/blob/master/CONTRIBUTING.md\n\nCode structure\n==============\n\nThe database models are defined in ``models.py`` and tested in\ntests/test_db_model.py.\n\nBased on the database models there are the libraries ``lib/config.py`` which is\nresponsible for basic configuration in the database table ``config``.\nAnd the library ``lib/resolver.py`` which provides functions for the database\ntable ``resolver``. This is tested in tests/test_lib_resolver.py.\n\nBased on the resolver there is the library ``lib/realm.py`` which provides\nfunctions\nfor the database table ``realm``. Several resolvers are combined into a realm.\n\nBased on the realm there is the library ``lib/user.py`` which provides functions\nfor users. There is no database table user, since users are dynamically read\nfrom the user sources like SQL, LDAP, SCIM or flat files.\n\nSubscriptions and limitations of community edition\n==================================================\n\nUsing privacyIDEA Server and the privacyIDEA FreeRADIUS plugin there is technically no\nlimitation of the community edition or the code in this repository.\nAdmins will receive a welcome message about possible support, if more than 50 users\nare enrolled.\n\nPlugins\n-------\n\nThe privacyIDEA project also provides several plugins for 3rd party applications like SSO Identity Providers\nor Windows Login.\n\nPlugins can be limited in the number of users. I.e. the plugin will complain, if the total number of users\nin privacyIDEA with an active token exceeds a certain limit. There is a certain base number of users, with which\nthe plugin will work. To enhance this number, you will need a subscription. In some cases an additional\ndemo subscription can be found in the release list of the corresponding github plugin repository,\nyou can get a subscription from the company NetKnights\nor if you have a very good understanding of this Open Source code, you could create a subscription on your own.\n\n==================== ============== ========================\nPlugin Number of users\n-------------------- ----------------------------------------\nName contained in demo subscription\n==================== ============== ========================\nKeycloak 10000 N/A\nSimpleSAMLphp 10000 N/A\nShibboleth 10000 N/A\nADFS 50 50\nprivacyIDEA PAM 10000 N/A\nCredential Provider 50 50\nnextCloud 50 N/A\nownCloud 50 N/A\nLDAP proxy 50 N/A\n==================== ============== ========================\n\nVersioning\n==========\nprivacyIDEA adheres to `Semantic Versioning <http://semver.org/>`_.\n",
"bugtrack_url": null,
"license": null,
"summary": "privacyIDEA: multifactor authentication management system",
"version": "3.12.1",
"project_urls": {
"Changelog": "https://github.com/privacyidea/privacyidea/blob/master/Changelog",
"Documentation": "https://privacyidea.readthedocs.io",
"Forum": "https://community.privacyidea.org",
"Homepage": "https://privacyidea.org",
"Source Code": "https://github.com/privacyidea/privacyidea"
},
"split_keywords": [
"otp",
" two-factor authentication",
" management",
" security",
" 2fa",
" mfa"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "12d82b64eaf547efd6437b78e115ac0491d2e77523890053e791ce2e586ddc4a",
"md5": "69f654d94a19fbcd14784ba801c3678d",
"sha256": "dcaf19c358d755f4499ae1747a7d19c1bc00a09584aa0ccf91d8e2b10c6d806d"
},
"downloads": -1,
"filename": "privacyidea-3.12.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "69f654d94a19fbcd14784ba801c3678d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 7558431,
"upload_time": "2025-10-15T07:53:07",
"upload_time_iso_8601": "2025-10-15T07:53:07.689322Z",
"url": "https://files.pythonhosted.org/packages/12/d8/2b64eaf547efd6437b78e115ac0491d2e77523890053e791ce2e586ddc4a/privacyidea-3.12.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "568720529970d44eda1e276744ef77abefc6e470378eb7eafea5a7991d5f6757",
"md5": "47223cfd5aa0900c01b07dacc999b9d0",
"sha256": "5b1edf3fe02fb4594bb3282c1ae117f9c9e81d591656608fe5a3ef5541a29c98"
},
"downloads": -1,
"filename": "privacyidea-3.12.1.tar.gz",
"has_sig": false,
"md5_digest": "47223cfd5aa0900c01b07dacc999b9d0",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 16437131,
"upload_time": "2025-10-15T07:53:46",
"upload_time_iso_8601": "2025-10-15T07:53:46.292927Z",
"url": "https://files.pythonhosted.org/packages/56/87/20529970d44eda1e276744ef77abefc6e470378eb7eafea5a7991d5f6757/privacyidea-3.12.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-15 07:53:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "privacyidea",
"github_project": "privacyidea",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"circle": true,
"requirements": [],
"lcname": "privacyidea"
}
JSON
