diff --git a/lam/HISTORY b/lam/HISTORY
index efff9345..50116e1e 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -1,3 +1,7 @@
+March 2017
+ - 2-factor authentication for admin login and self service with privacyIDEA
+
+
18.12.2016 5.6
- New mechanism to replace wildcards in user edit screen. Personal/Unix support more wildcards like "$firstname".
- Windows: added support for pager, otherPager, mobile, otherMobile, company and proxyAddresses (disabled by default in server profile)
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 8dcca869..5039fdcc 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -8563,7 +8563,7 @@ OK (10 msec)
Edit your new profile
- Basic settings
+ General settings
On top of the page you see the link to the user login page. Copy
this link address and give it to your users.
@@ -8708,6 +8708,52 @@ OK (10 msec)
+
+
+
+
+ 2-factor authentication
+
+ LAM supports 2-factor authentication for your users. This
+ means the user will not only authenticate by user+password but also
+ with e.g. a token generated by a mobile device. This adds more
+ security because the token is generated on a physically separated
+ device (typically mobile phone).
+
+ The token is validated by a second application. LAM currently
+ supports:
+
+
+
+ privacyIdea
+
+
+
+ By default LAM will enforce to use a token and reject users
+ that did not setup one. You can set this check to optional. But if a
+ user has setup a token then this will always be required.
+
+
+
+
+
+
+
+
+
+ After logging in with user + password LAM will ask for the 2nd
+ factor. If the user has setup multiple factors then he can choose
+ one of them.
+
+
+
+
+
+
+
+
+
diff --git a/lam/docs/manual-sources/images/conf4.png b/lam/docs/manual-sources/images/conf4.png
index 554cf0de..f26b45fb 100644
Binary files a/lam/docs/manual-sources/images/conf4.png and b/lam/docs/manual-sources/images/conf4.png differ
diff --git a/lam/docs/manual-sources/images/conf7.png b/lam/docs/manual-sources/images/conf7.png
new file mode 100644
index 00000000..718b0773
Binary files /dev/null and b/lam/docs/manual-sources/images/conf7.png differ
diff --git a/lam/docs/manual-sources/images/conf8.png b/lam/docs/manual-sources/images/conf8.png
new file mode 100644
index 00000000..9e00f2d3
Binary files /dev/null and b/lam/docs/manual-sources/images/conf8.png differ