Login to the Web UI

privacyIDEA has one login form for users to login and for administrators to login.

The login screen can contain a dropdown box with the list of existing realms. The dropdown box can be configured in the System Config dialog on the GUI settings tab.

You should enter your username and choose the right realm. If the dropdown box is not displayed, then you need to append the realm to the username like username@realm.

Login for normal users

Normal users authenticate at the login form to be able to manage their own tokens. By default users need to authenticate with the password from their user source.

E.g. if the users are located in an LDAP or Active Directory the user needs to authenticate with his LDAP/AD password.


The user my either login with his password from the userstore or with any of his tokens.


The administrator may change this behaviour by creating an according policy, which then requires the user to authenticate against privacyIDEA itself. I.e. this way the user needs to authenticate with a second factor/token to access the self service portal. (see the policy section login_mode)

Login for administrators

Administrators can authenticate at this login form to access the management UI.

Administrators are stored in the database table Admin and can be managed with the tool:

pi-manage.py admin ...

The administrator just logs in with his username.


You can configure privacyIDEA to authenticate administrators against privacyIDEA itself, so that administrators need to login with a second factor. See SUPERUSER_REALM in inifile_superusers how to do this.

Table Of Contents

Related Topics

This Page