6.3. Token types in privacyIDEA¶
The following list is an overview of the supported token types. For more details, consult the respective description listed in Tokens. Some token require prior configuration as described in Token type details.
Certificate Token - A token that represents a client certificate.
Day Password Token - The DayPassword Token is a time based password loosely based on the TOTP algorithm which can be used multiple times.
Email - A token that sends the OTP value to the EMail address of the user.
Indexed Secret Token - a challenge response token that asks the user for random positions from a secret string.
Daplug - A hardware OTP token similar to the Yubikey.
OCRA - A basic OATH Challenge Response token.
Paper Token (PPR) - event based One Time Password tokens that get you list of one time passwords on a sheet of paper.
Push Token - A challenge response token, that sends a challenge to the user’s smartphone and the user simply accepts the request to login.
Application Specific Password Token - This is an application specific password token based on the Password Token. It can be used to provide static password for specific services or applications, where e.g. one time passwords are not suitable.
Questionnaire Token - A token that contains a list of answered questions. During authentication a random question is presented as challenge from the list of answered questions is presented. The user must give the right answer.
RADIUS - A virtual token that forwards the authentication request to a RADIUS server.
Remote - A virtual token that forwards the authentication request to another privacyIDEA server.
SMS Token - A token that sends the OTP value to the mobile phone of the user.
Spass - Simple Pass Token - The simple pass token. A token that has no OTP component and just consists of the OTP pin or (if otppin=userstore is set) of the userstore password.
TiQR - A Smartphone token that can be used to login by only scanning a QR code.
U2F - A U2F device as specified by the FIDO Alliance. This is a USB device to be used for challenge response authentication.
VASCO - The proprietary VASCO token.
WebAuthn - The WebAuthn or FIDO2 token which can use several different mechanisms like USB tokens or TPMs to authenticate via public key cryptography.
Yubikey - A Yubikey hardware initialized in the AES mode, that authenticates against privacyIDEA.
Yubico - A Yubikey hardware that authenticates against the Yubico Cloud service.
6.3.1. Token type details¶
Detailed information on the different token types used in privacyIDEA can be found in the following sections.
- 188.8.131.52. Four Eyes
- 184.108.40.206. Application Specific Password Token
- 220.127.116.11. Certificate Token
- 18.104.22.168. Day Password Token
- 22.214.171.124. Email
- 126.96.36.199. HOTP Token
- 188.8.131.52. Indexed Secret Token
- 184.108.40.206. mOTP Token
- 220.127.116.11. OCRA
- 18.104.22.168. Paper Token (PPR)
- 22.214.171.124. Push Token
- 126.96.36.199. Password Token
- 188.8.131.52. Questionnaire Token
- 184.108.40.206. RADIUS
- 220.127.116.11. Registration
- 18.104.22.168. Remote
- 22.214.171.124. SMS Token
- 126.96.36.199. Spass - Simple Pass Token
- 188.8.131.52. SSH Keys
- 184.108.40.206. TAN Token
- 220.127.116.11. TiQR
- 18.104.22.168. TOTP
- 22.214.171.124. U2F
- 126.96.36.199. VASCO
- 188.8.131.52. WebAuthn
- 184.108.40.206. Yubico
- 220.127.116.11. Yubikey