All Projects → privacyidea → Privacyidea

privacyidea / Privacyidea

Licence: agpl-3.0
🔐 multi factor authentication system (2FA, MFA, OTP Server)

Programming Languages

139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Privacyidea

The Single Sign-On Multi-Factor portal for web apps
Stars: ✭ 11,094 (+980.23%)
Mutual labels:  authentication, 2fa, two-factor-authentication, mfa, two-factor
🔑 One Time Password (OTP) / 2FA for Node.js and Browser - Supports HOTP, TOTP and Google Authenticator
Stars: ✭ 916 (-10.81%)
Mutual labels:  otp, 2fa, two-factor-authentication, two-factor
A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
Stars: ✭ 664 (-35.35%)
Mutual labels:  otp, two-factor, two-factor-authentication, 2fa
Twofactor totp
🔑 Second factor TOTP (RFC 6238) provider for Nextcloud
Stars: ✭ 203 (-80.23%)
Mutual labels:  otp, 2fa, two-factor-authentication, two-factor
CrOTP - One Time Passwords for Crystal
Stars: ✭ 62 (-93.96%)
Mutual labels:  otp, two-factor-authentication, 2fa
Two Factor Bundle
[OUTDATED] Two-factor authentication for Symfony applications 🔐 (bunde version ≤ 4). Please use version 5 from
Stars: ✭ 388 (-62.22%)
Mutual labels:  authentication, 2fa, two-factor-authentication
A highly configurable yet simple to use TOTP based two-factor authentication processing module for SimpleSAMLphp.
Stars: ✭ 16 (-98.44%)
Mutual labels:  mfa, two-factor-authentication, 2fa
Aws Mfa
Manage AWS MFA Security Credentials
Stars: ✭ 606 (-40.99%)
Mutual labels:  2fa, two-factor-authentication, mfa
One Time Password (HOTP/TOTP) library for Node.js, Deno and browsers.
Stars: ✭ 135 (-86.85%)
Mutual labels:  otp, two-factor-authentication, two-factor
A small and easy-to-use one-time password generator library for Java according to RFC 4226 (HOTP) and RFC 6238 (TOTP).
Stars: ✭ 107 (-89.58%)
Mutual labels:  otp, two-factor-authentication, 2fa
Google2fa Laravel
A One Time Password Authentication package, compatible with Google Authenticator for Laravel
Stars: ✭ 618 (-39.82%)
Mutual labels:  authentication, 2fa, two-factor-authentication
React Native wrapper for Android's SMS User Consent API, ready to use in React Native apps with minimum effort.
Stars: ✭ 45 (-95.62%)
Mutual labels:  otp, two-factor, 2fa
Two Factor Auth
Generate 2FA tokens compatible with Google Authenticator
Stars: ✭ 352 (-65.73%)
Mutual labels:  2fa, two-factor-authentication, two-factor
🔑 A small library for generating TOTP and HOTP one-time passwords on iOS.
Stars: ✭ 243 (-76.34%)
Mutual labels:  otp, 2fa, two-factor-authentication
A .NET implementation of TOTP and HOTP for things like two-factor authentication codes.
Stars: ✭ 424 (-58.71%)
Mutual labels:  otp, 2fa, two-factor-authentication
apache 2fa
Apache two-factor (2FA) authentication with Google Authenticator based on Time-based One-Time Password (TOTP) or HMAC-based one-time password (HOTP) Algorithms.
Stars: ✭ 63 (-93.87%)
Mutual labels:  two-factor, two-factor-authentication, 2fa
Gortas is an API based authentication service, allows adding authentication to your site or service with minimum efforts.
Stars: ✭ 48 (-95.33%)
Mutual labels:  otp, authentication, 2fa
Totp Cli
A cli-based pass-backed TOTP app
Stars: ✭ 76 (-92.6%)
Mutual labels:  otp, authentication, 2fa
Time-Based One-Time Password Code Generator
Stars: ✭ 76 (-92.6%)
Mutual labels:  two-factor, two-factor-authentication, 2fa
🔒 AWS multi-factor authentication for the CLI
Stars: ✭ 38 (-96.3%)
Mutual labels:  mfa, two-factor-authentication, 2fa


.. image:: :alt: Build Status :target:

.. .. image:: .. :alt: CircleCI .. :target:

.. image:: :target:

.. .. image:: .. :alt: Downloads .. :target:

.. image:: :alt: Latest Version :target:

.. image:: :alt: PyPI - Python Version :target:

.. image:: :alt: License :target:

.. image:: :alt: Documentation :target:

.. .. image:: .. :alt: Code Climate .. :target:

.. image:: :alt: Codacy Badge :target:

.. image:: :alt: privacyIDEA on twitter

privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications.


privacyIDEA runs as an additional service in your network and you can connect different applications to privacyIDEA.

.. image:: :alt: privacyIDEA Integration :scale: 50 %

privacyIDEA does not bind you to any decision of the authentication protocol or it does not dictate you where your user information should be stored. This is achieved by its totally modular architecture. privacyIDEA is not only open as far as its modular architecture is concerned. But privacyIDEA is completely licensed under the AGPLv3.

It supports a wide variety of authentication devices like OTP tokens (HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F, as well as FIDO2 WebAuthn devices like Yubikey and Plug-Up, smartphone Apps like Google Authenticator, FreeOTP, Token2 or TiQR, SMS, Email, SSH keys, x509 certificates and Registration Codes for easy deployment.

privacyIDEA is based on Flask and SQLAlchemy as the python backend. The web UI is based on angularJS and bootstrap. A MachineToken design lets you assign tokens to machines. Thus you can use your Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP with PAM.

You may join the discourse discussion forum to give feedback, help other users, discuss questions and ideas:


For setting up the system to run it, please read install instructions at < .html>_.

If you want to setup a development environment start like this::

git clone
cd privacyidea
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt

.. _testing_env:

You may additionally want to set up your environment for testing, by adding the additional dependencies::

pip install -r tests/requirements.txt

You may also want to read the blog post about development and debugging at

Getting and updating submodules

The client-side library for the registering and signing of WebAuthn-Credentials resides in a submodule.

To fetch all submodules for this repository, run::

git submodule update --init --recursive

When pulling changes from upstream later, you can automatically update any outdated submodules, by running::

git pull --recurse-submodules

Running it

First You need to create a config-file <https://privacyidea.readthedocs .io/en/latest/installation/system/inifile.html>_.

Then create the database and encryption key::

./pi-manage createdb
./pi-manage create_enckey

If You want to keep the development database upgradable, You should stamp <>_ it to simplify updates::

./pi-manage db stamp head -d migrations/

Create the key for the audit log::

./pi-manage create_audit_keys

Create the first administrator::

./pi-manage admin add <username>

Run it::

./pi-manage runserver

Now you can connect to http://localhost:5000 with your browser and login as administrator.

Run tests

If you have followed the steps above to set up your environment for testing <#testing-env>__, running the test suite should be as easy as running pytest <>_ with the following options::

python -m pytest -v --cov=privacyidea --cov-report=html tests/


There are a lot of different ways to contribute to privacyIDEA, even if you are not a developer.

If you found a security vulnerability please report it to [email protected].

You can find detailed information about contributing here:

Code structure

The database models are defined in and tested in tests/

Based on the database models there are the libraries lib/ which is responsible for basic configuration in the database table config. And the library lib/ which provides functions for the database table resolver. This is tested in tests/

Based on the resolver there is the library lib/ which provides functions for the database table realm. Several resolvers are combined into a realm.

Based on the realm there is the library lib/ which provides functions for users. There is no database table user, since users are dynamically read from the user sources like SQL, LDAP, SCIM or flat files.


privacyIDEA adheres to Semantic Versioning <>_.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].