Skip to content


Subversion checkout URL

You can clone with
Download ZIP
authentication system for two factor authentication (2FA, OTP)
Python JavaScript HTML PHP Perl Shell Other
Failed to load latest commit information.
authmodules Add owncloud API access
contrib Increase pyjwt to version 1.3.0
deploy Add Hashalgorithms and digits to QR Code
doc Add German Translation of Web UI
migrations Catch exception during DB migration
po improve translation
privacyidea update angular-multiselect to 4.0
tools Add script to create an editable SQLResolver
.coveralls.yml init: code cleanup
.gitignore Add German Translation of Web UI
.gitmodules docu
.travis.yml add python 3.4 to travis
Changelog Set version 2.4
Gruntfile.js Add German Translation of Web UI
LICENSE init: code cleanup Building of ubuntu nginx package
Makefile Add Hashalgorithms and digits to QR Code
Procfile Add HerokuConfig Adapt readme and changelog for release
circle.yml Add User Enroll UI Test to circle CI
coveragerc The flask based privacyidea 2.0 branch Add Audit rotation to
requirements.txt Increase pyjwt to version 1.3.0 Add Hashalgorithms and digits to QR Code


Build Status CircleCI Coverage Status Downloads Latest Version License Documentation Status Code Climate

privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, Smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications.

privacyIDEA does not bind you to any decision of the authentication protocol or it does not dictate you where your user information should be stored. This is achieved by its totally modular architecture. privacyIDEA is not only open as far as its modular architecture is concerned. But privacyIDEA is completely licensed under the AGPLv3.

It supports a wide variety of authentication devices like OTP tokens (HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), Smartphone Apps like Google Authenticator, SMS, Email, SSH keys, x509 certificates and Registration Codes for easy deployment.

Since version 2 privacyIDEA is based on flask and sqlalchemy as the python backend. The web UI is based on angularJS and bootstrap. A MachineToken design lets you assign tokens to machnies. Thus you can use your Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP with PAM.

With version 2 the code was cleaned up and it was emphasized to keep a good code coverage. The design separates the database layer from the library layer and from the REST API layer. Thus allowing easy unit testing in each layer.

You are also welcome to take a look at the hopefully tidy code and contribute.

I try to keep up a good test coverage. So run tests!


You can setup the system in a virtual environment:

git checkout
cd privacyidea
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt

Read the install instructions at

Running it

Create the database and encryption key:

./ createdb
./ create_enckey

Create the first administrator:

./ admin add <username> <email>

Run it:

./ runserver

Now you can connect to http://localhost:5000 with your browser and login as administrator.

Run in virtualenv

For running the server in a virtual env see documentation at

Run tests

nosetests -v --with-coverage --cover-package=privacyidea --cover-html

Code structure

The database models are defined in and tested in tests/

Based on the database models there are the libraries lib/ which is responsible for basic configuration in the database table config. And the library lib/ which provides functions for the database table resolver. This is tested in tests/

Based on the resolver there is the library lib/ which provides functions for the database table realm. Several resolvers are combined into a realm.

Based on the realm there is the library lib/ which provides functions for users. There is no database table user, since users are dynamically read from the user sources like SQL, LDAP, SCIM or flat files.


In certain cases the database structure has changed (1.5->2.0). Read for upgrade instructions.


privacyIDEA adheres to Semantic Versioning.

Something went wrong with that request. Please try again.