Home / Products / Openotp

OpenOTP™ Authentication Server

Get The Brochure Why OpenOTP

OpenOTP™ is an enterprise-grade user authentication solution based on open technologies. OpenOTP provides multiple (highly configurable) authentication schemes for your LDAP users. The supported authentications methods are based on Two-Factor and One-Time Password technologies (OTP): OATH Event, Time and Challenge -based Software Tokens OATH Event, Time and Challenge -based Hardware Tokens YubiKey Hardware Tokens Mobile-OTP (mOTP) Software Tokens SMS One-Time Passwords (On-Demand and Prefetched) Mail and Secure Mail One-Time Passwords (PIN Mailer) Printed OATH One-Time Password Lists

The OpenOTP solution is composed of several components including WebADM, the OpenOTP SOAP/JSON Web service, the OpenOTP Radius Bridge, the User Self-service Desk and Self-Enrollment end-user Web Applications.

OpenOTP provides an unbeatable combination of cost-efficiency, security and easy of use to corporate and Web application access.

		Supported Mobile Devices (Software Tokens)
	OpenOTP supports multiple One-Time Password standards (OATH HOTP/TOTP/OCRA, Mobile-OTP, YubiKey, SMSOTP or MailOTP). Software Tokens are provided by various publishers for any mobile platform such as: Java Phones (J2ME) Windows Mobile, Blackberry, Palm Apple iPhone, iPad Google Android Click here for a list of compatible Free Software Tokens from various publishers.

		Certified Hardware Tokens
	OpenOTP supports a large variety of OATH Hardware Tokens from many Token manufacturers. In fact, any Token working in OATH HOTP/TOTP or OCRA mode is compatible. Feitian c100, c200 (HOTP, TOTP) SecuTech 300, 500 (HOTP, TOTP) SmartDisplayer e1010, t1020, e2010 (HOTP, TOTP, OCRA) Vasco GO6, GO3 (HOTP, TOTP) Yubico Yubikey (Yubikey, OATH) Please contact us for a Hardware Token Solution.

		Where to Use OpenOTP
	OpenOTP provides SOAP/XML, JSON and RADIUS APIs. The SOAP API is provided with a WSDL service description file. It is also very simple to implement OpenOTP One-Time Password functionalities into your existing Web applications. Sample login pages are available in the Downloads section. You can use OpenOTP with: Web Applications (Java, PHP, ASP, .Net... integration) VPNs (Checkpoint, Cisco, Nortel, Juniper, F5, OpenVPN...) Citrix Access Gateway & Web Interface Microsoft ISA/TMS, Exchange, Sharepoint Linux PAM (SSH, FTP, OpenVPN, PPTP, POP/IMAP...) Web-based Products (SugarCRM, Joomla, RoundCube...) OpenID-enabled Web Sites (OpenID Provider) SAML and Google Apps (With SimpleSAML Plugin) Any other system (Using our simple integration libraries)

		QRCode Key Provisioning
	With OpenOTP QRCode key provisioning, Token self-registration has never been so easy. No manual Token configuration or secret key input is required: With Google Authenticator, users register their Software Token simply by scanning a registration barcode on their iPhone or Android mobile. With Other Software Tokens, users simply scan the displayed Token Key with a barcode reader and copy/paste it to their Token key for registration.

		OpenOTP WebApps
	Software Token technology requires the end-user to download the mobile software, register the initial Token Key on the authentication server, and sometime to resynchronize the OTP generator. OpenOTP includes end-user Web Applications (SelfDesk and SelfReg) for simplifying the deployment of your solution as much as possible. SelfDesk is an end-user self-management portal to be plugged into WebADM, and published on your corporate or public network. SelfDesk allows end-users to self-configure some personal settings, update their account information (ex. mobile number or email address), download, register and resync their Software Tokens. SelfReg is another WebApp where administrators can send a user email with a one-time self-regisration URL. By clicking the URL and entering his password, the user can register, resync and test a software Tokens.

		OpenOTP Trusted Domains
	Trusts are special Domains which do not correspond to a set of local LDAP users but a set of users on a remote OpenOTP installation. The Trust system works like an authentication proxy for remote domains (within a trusted organization) and maps a local virtual Domain name to a remote Domain on another WebADM server.

		Other Key Features
	Supports OATH Event-based (HOTP), Time-based (TOTP) and Challenge-Response (OCRA) One-time Password standards. Includes PSKC Hardware Tokens (Vasco, Feitian...) key import system. Software Token registration via scanning a QRCode with Google Authenticator. Supports Mobile-OTP Software Tokens with PIN Code. Supports Yubikeys from Yubico. Supports SMS, Mail and Secure Mail One-time Password (on-demand & prefetched). SOAP/XML & JSON API (with WSDL service description) over HTTP/HTTPS. RADIUS API for VPNs and RADIUS-compatible devices (See OpenOTP Radius Bridge). OpenID API for OpenID-enabled websites (See OpenID Provider). Domain support with mappings to LDAP subtrees, LDAP groups or dedicated directories. Trust Domains support allowing authentication to be securely relayed to another trusted OpenOTP server. Per-client application policies (group-based access control & authentication policy). Support multiple LDAP datasources (at the same time). No replication/import/synchronization of your LDAP users. Our solutions use your LDAP users and groups. OpenOTP settings (security policies and Token types) can be adjusted per users or groups in LDAP. Built-in replay attack protection for Time-based Tokens. Many configurations available, adjustable per server/domain/group/user/client (through 100% Web interface). Support for both LDAP direct and indirect (Active Directory) groups. Sensitive user data (such as Token keys) are encrypted in LDAP with AES-256. SMSOTP supports Clickatell, AQL, OVH, Mpulse SMS gateways (with SMSHub). SMSOTP supports any SMPP-TR SMS gateways (with SMSHub). Possibility to add any other HTTP or SOAP-based SMS Gateways (with SMSHub). OTP fallback mechanisms for SMS and Mail OTP (works with SMSC or mobile delivery failures). Emergency OTP (auto-expirable password with configurable life-time). Includes high availability SMS gateway (SMSHub) for failover, load-balancing and custom SMSCs. User sessions locking and session duplicates protection (for clustered configurations). Customizable end-user messages for emails, SMS, SOAP, RADIUS messages. Full multilingual support for all end-user messages with Unicode and UTF-8 (per-user language support). Comprehensive logging and accounting in SQL (accessible from the powerful WebADM Log Viewer). Configurable user blocking timers and blocking policies for authentication failures. Uses WebADM network Session Manager with AES-256 encrypted user sessions. Designed for scalability (supports failover and load-balancing). Easy installation, update and configuration in RCDevs WebADM. Mail and SQL system alerts. True random codes generator.