diff --git a/pkgs/servers/privacyidea/default.nix b/pkgs/servers/privacyidea/default.nix
new file mode 100644
index 00000000000..af5451a9378
--- /dev/null
+++ b/pkgs/servers/privacyidea/default.nix
@@ -0,0 +1,49 @@
+{ lib, buildPythonPackage, fetchFromGitHub, cacert, openssl, python
+
+, cryptography, pyrad, pymysql, python-dateutil, flask-versioned, flask_script
+, defusedxml, croniter, flask_migrate, pyjwt, configobj, sqlsoup, pillow
+, python-gnupg, passlib, pyopenssl, beautifulsoup4, smpplib, flask-babel
+, ldap3, huey, pyyaml, qrcode, oauth2client, requests, lxml, cbor2, psycopg2
+
+, mock, pytest, responses, testfixtures
+}:
+
+buildPythonPackage rec {
+  pname = "privacyIDEA";
+  version = "3.3";
+
+  src = fetchFromGitHub {
+    owner = pname;
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "188ki924dig899wlih45xfsm0s7mjkya56vii26bg02h91izrb4b";
+  };
+
+  propagatedBuildInputs = [
+    cryptography pyrad pymysql python-dateutil flask-versioned flask_script
+    defusedxml croniter flask_migrate pyjwt configobj sqlsoup pillow
+    python-gnupg passlib pyopenssl beautifulsoup4 smpplib flask-babel
+    ldap3 huey pyyaml qrcode oauth2client requests lxml cbor2 psycopg2
+  ];
+
+  checkInputs = [ openssl mock pytest responses testfixtures ];
+  # issues with hardware token tests
+  doCheck = false;
+
+  postPatch = ''
+    substituteInPlace privacyidea/lib/resolvers/LDAPIdResolver.py --replace \
+      "/etc/privacyidea/ldap-ca.crt" \
+      "${cacert}/etc/ssl/certs/ca-bundle.crt"
+  '';
+
+  postInstall = ''
+    rm -rf $out/${python.sitePackages}/tests
+  '';
+
+  meta = with lib; {
+    description = "Multi factor authentication system (2FA, MFA, OTP Server)";
+    license = licenses.agpl3Plus;
+    homepage = "http://www.privacyidea.org";
+    maintainers = [ maintainers.globin ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index a0012372319..bbb246a6082 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -3197,6 +3197,8 @@ in {
 
   priority = callPackage ../development/python-modules/priority { };
 
+  privacyidea = callPackage ../servers/privacyidea { };
+
   prov = callPackage ../development/python-modules/prov { };
 
   pudb = callPackage ../development/python-modules/pudb { };