4.8. privacyIDEA setup tool

privacyIDEA comes with a graphical setup tool to manage your token administrators and RADIUS clients. This gives you an appliance-like experience. To install all necessary components, see the appliance section.

To configure the system, log in as the user root on your machine and run the command:

privacyidea-setup

This brings you to the start screen.

Figure: Start screen of the appliance setup tool.

You can configure the privacyIDEA settings, the log level, administrators, the encryption key and much more. You can also configure the web server settings and RADIUS clients.

Figure: Configure privacyIDEA

You can create new token administrators, delete them and change their passwords.

In the FreeRADIUS settings you can create and delete RADIUS clients.

All changes made in this setup tool are read directly from and written directly to the corresponding configuration files. The setup tool parses the original nginx and FreeRADIUS configuration files, so there is no additional place where this data is kept.

Note

You can also edit the clients.conf and other configuration files manually. The setup tool will also read those manual changes!

4.8.1. Backup and Restore

Starting with version 1.5 the setup tool also supports backup and restore. Backups are written to the directory /var/lib/privacyidea/backup.

The backup contains the complete privacyIDEA configuration, the contents of the directory /etc/privacyidea, the encryption key, the configured administrators, the complete token database (MySQL) and the audit log. Furthermore, if you are running FreeRADIUS, the backup also contains the file /etc/freeradius/clients.conf.

4.8.1.1. Scheduled backup

Under the menu entry Configure Backup you can define the times at which a scheduled backup is performed. This information is written to the file /etc/crontab.

Figure: Scheduled backup

You can enter minutes, hours, day of month, month and day of week. If an entry should apply to every value of a field, e.g. every month or every hour, enter a ‘*’ for that field.

In this example, 10 17 * * * (minute=10, hour=17) means that a backup is performed every day of every month at 17:10 (5:10 pm).

The example 1 10 1 * * (minute=1, hour=10, day of month=1) means to perform a backup on the first day of each month at 10:01 am.

Thus you could also perform backups only once a week at the weekend.
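To check a schedule before entering it, the five fields can be evaluated against a date. The following is an added example, not part of privacyIDEA or its setup tool; the function names are hypothetical, and it assumes /etc/crontab is read by a Vixie-style cron, where a job runs if either day field matches once both are restricted.

```python
from datetime import datetime

# (name, lowest, highest) for the five fields, in the order the setup tool asks for them
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day of month", 1, 31),
          ("month", 1, 12), ("day of week", 0, 7)]

def parse_field(text, lo, hi):
    """Expand one field ('*', '5', '1-5', '6,0', '*/15') into a set of ints."""
    values = set()
    for part in text.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-"))
        else:
            start = end = int(rng)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"{part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values

def parse_schedule(expr):
    parts = expr.split()
    if len(parts) != 5:
        raise ValueError("expected: minute hour day-of-month month day-of-week")
    sets = [parse_field(p, lo, hi) for p, (_, lo, hi) in zip(parts, FIELDS)]
    if 7 in sets[4]:                      # cron accepts both 0 and 7 for Sunday
        sets[4] = (sets[4] - {7}) | {0}
    return parts, sets

def runs_at(expr, when):
    """True if cron would start the job in the minute given by `when`."""
    parts, (minute, hour, dom, month, dow) = parse_schedule(expr)
    if when.minute not in minute or when.hour not in hour or when.month not in month:
        return False
    dom_ok = when.day in dom
    dow_ok = when.isoweekday() % 7 in dow  # Sunday -> 0, Saturday -> 6
    # Both day fields restricted: cron runs the job if EITHER of them matches.
    if not parts[2].startswith("*") and not parts[4].startswith("*"):
        return dom_ok or dow_ok
    return dom_ok and dow_ok

if __name__ == "__main__":
    friday = datetime(2024, 3, 1, 10, 1)   # constructed sample date: the 1st, a Friday
    for expr in ("1 10 1 * *", "1 10 * * 6", "1 10 1 * 6"):
        print(expr, "->", runs_at(expr, friday))
```

A weekend-only backup therefore leaves the day of month at ‘*’ (for example the constructed entry 0 3 * * 6); setting both day fields, as in 1 10 1 * 6, runs the backup on the first of the month and on every Saturday.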

4.8.1.2. Immediate backup

If you want to run a backup right now, choose the entry Backup now.

4.8.1.3. Restore

The entry View Backups lists all available backups.

Figure: All available backups

When you select a backup, you are asked whether you want to restore the data.

Warning

Existing data is overwritten and will be lost.