Not sure if it's what you're looking for, but I developed a bash script to auto-generate tokens daily for all users not in my service-accounts group if they did not exist. It then emails a QR code to the user and a notification email to the management email. This may not be the best way to do it, but it works for us.

https://gogs.tfmm.co/tfmm/freeipa-generate-otp-tokens

--Russ

On Thu, Mar 11, 2021 at 8:39 AM dd4321 Dey via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Hi

Is it possible to add/generate OTP token without using IPA user interface ? Due to security reasons, i don't want to give access to IPA web interface to users. Recently, i have configured password manager which integrates OpenLDAP/IPA server. So each user can change their password using password manager eliminating needs for accessing IPA web UI. In the same way, is it possible to do the same i.e generating OTP token using any third party application ?

Regards

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure