Call us: +352 26 17 61 21 | Email us: info@rcdevs.com
RCDevs Security Solutions
RCDevs Security Solutions
  • Home
  • Solutions
    • VPN & SSL VPN
    • Windows Login & RDP
    • Microsoft ADFS
    • SSH key Management
    • UNIX & Linux Services
    • Citrix & VMWare
    • Enterprise WIFI
    • Cloud Applications
    • Compatibles Tokens
      • Hardware Tokens
      • Software Tokens
      • TiQR Mobile
    • Push Service Registration
  • Products
    • WebADM Control Center
    • OpenOTP Authentication Server
    • OpenOTP RADIUS Bridge
    • OpenOTP LDAP Bridge
    • SpanKey SSH Key Server
    • TiQR Login & Signing Server
    • OpenID & SAML Identity Provider
    • Self-Service Applications
    • OpenOTP Integration Plugins
    • WebADM Publishing Proxy
    • OpenOTP Hardware Security
  • Demos
    • Web Authentication with OTP
    • Web Authentication with U2F
    • Login & Signing with TiQR
    • SAML with OTP & TiQR
    • SSH with OTP & TiQR
  • Downloads
    • Software Products
    • Online Documents
  • News
  • Forum
    • Technical Forum
    • Announcements Group
    • Developers Group
  • Company
    • About Us
    • Contact Us
    • Our Customers
    • Our Partners
    • Our Vision of 2FA Security
    • EULA & Agreements
    • Software Licensing Options
    • Why choosing OpenOTP™
    • Job Opportunities
  • Store
  • Docs
×
Search Results

OpenOTP Authentication Server

  • Home
  • |
  • Products
  • |
  • OpenOTP Authentication Server

OpenOTP™ Server (Multi-Factor with OTP and FIDO-U2F)

OpenOTP™ is an enterprise-grade user authentication solution based on open standards. OpenOTP provides many (highly configurable) authentication schemes for your Domain users. It supports the combinations of single-factor and multi-factor user access with One-Time Password technologies (OTP) and Universal Second Factor (FIDO-U2F). 

The OpenOTP solution is composed of several components including WebADM sever, OpenOTP RADIUS Bridge and Self-Service applications. Combined with RCDevs third-party integrations, OpenOTP supports VPNs, Citrix, Web SSO, ADFS, Linux, Microsoft, Wifi, Web applications and much more…

OpenOTP is already used by thousands of customers in more than 40 countries, including fortune 100 companies. The fast market adoption of OpenOTP is the result of a high-quality product design, an impressive set of features, an increasing panel of integrations and an unbeatable combination of cost-efficiency, security and easy of use to secure corporate access.

AUTHENTICATION METHODS

RCDevs’ Multi-Factor Authentication relies on One-Time Password Technologies (OTP) and FIDO Universal Second Factor (U2F):

SOFTWARE TOKENS

OATH Event, Time and Challenge -based

HARDWARE TOKENS

OATH Event, Time and Challenge -based

SIGNED AUTHENTICATION

FIDO Universal Second Factor (U2F)

YUBICO TOKENS

YubiKey Standard, Nano, FIDO

MOBILE PUSH LOGIN

One-Tap 'Approve/Deny' Push Notifis

MOBILE PHONE

SMS OTP (On-Demand and Prefetched)

MAILBOX

Mail and Secure Mail OTP (PIN Mailer)

PRINTED LIST

Printed OATH One-Time Password Lists

Supported Mobile Devices (Software Tokens)

OpenOTP supports multiple One-Time Password standards (OATH HOTP/TOTP/OCRA, Mobile-OTP, YubiKey, SMSOTP or MailOTP). Software Tokens are provided by various publishers for any mobile platform such as:

Compatible Software Tokens

Google Android

Apple iPhone,
iPad

Windows Mobile,
Blackberry, Palm

Java Phones
(J2ME)

Certified Hardware Tokens

OpenOTP supports a large variety of OATH Hardware Tokens from many Token manufacturers. In fact, any Token working in OATH HOTP/TOTP or OCRA mode is compatible.

Compatible Hardware Tokens

RCDevs
RC200

Feitian
c100 | c200

SecuTech
300 | 500

SmartDisplayer
e1010 | t1020 | e2010

Vasco Digipass
GO3 | GO6

Yubikey
Standard | Neo | U2F

WHERE TO USE OPENOTP

OpenOTP provides interfaces including SOAP, REST, JSON-RPC and RADIUS. The native SOAP API is extremely simple and is provided with a WSDL service description file. It is also very easy to implement OpenOTP One-Time Password and/or U2F functionalities into your existing Web applications. Additional integration software from RCDevs provide support for Windows, ADFS, Linux and even Wifi access. 

You can use OpenOTP with:  

  • Web Applications (Java, PHP, ASP, Python, .Net…)
  • VPNs and SSL-VPNs (Checkpoint, Cisco, Nortel, Juniper, F5, Palo-Alto…)
  • OpenVPN Variants and PFsense
  • Citrix Access Gateway & Web Interface
  • Microsoft Reverse-Proxies (TMG / UAG / 2012 Server)
  • Microsoft ADFS (Exchange, Sharepoint…)
  • Linux PAM (SSH, FTP, OpenVPN, PPTP, POP/IMAP…)
  • Windows Login (Credential Provider for Vista, 7, 8)
  • Web Products (SugarCRM, Joomla, WordPress, RoundCube, Magento…)
  • OpenID-enabled Web Sites (Livejournal, Sourceforge…)
  • Corporate SAML and Google Apps
  • Cloud Applications (SalesForce, SugarCRM, GoToMeeting…) 
  • Enterprise Wifi Access (with EAP-GTC and EAP-TTLS-PAP)
  • Amazon Elastic Compute Cloud (EC2 / AWS)
  • Any other system (Using our simple integration libraries)

 

One-Tap Mobile Authentication

RCDevs OpenOTP Token for Android and IOS provides convenient authentication workflows with mobile push notifications. Our software Token has also been designed for the best user experience with two additional operating modes: In the standard mode, the Token gets notified during the login process and displays the transaction details with the OTP code. For more convenience, it can optionally speak the OTP. Of course the spoken codes cannot be spoofed and are usable for the ongoing user transaction only. Then comes the Simple-Push mode where the Token displays the transaction details and expects the user approval with a one-tap action (with ‘Approve/Deny’). Best of all, our Token is able to enforce biometric unlock and phishing attack mitigation by validating the user access locations.

Application Passwords

Application passwords are long random keys which can be generated by the users in the Self-Services and are specific to a client application. These keys can be used as replacement to the default login when the application does not support OTP nor U2F. The typical use-case is a mail server which is accessed via mobile devices. The mail clients on the devices are configured with the mail server application’s password to avoid entering the OTP password at every connection.

Contextual authentication

OpenOTP contextual authentication is able to intelligently lower the security requirement for a user login when a trusted context is validated. The trusted login context relies on the user’s IP addresses combined with client device fingerprints. When a login context is trusted, the user logs in with the single factor (the domain password). If a login failure occurs, multi-factor is enforced again.

QRCode Key Provisioning

With OpenOTP QRCode key provisioning, Token self-registration has never been so easy. No manual Token configuration or secret key input is required: With Google Authenticator or FreeOTP, users register their Software Token simply by scanning a registration QRCode on their iPhone or Android mobile device.
With other Software Tokens, users simply scan the displayed Token Key with a barcode reader and copy/paste it to their Token key for registration.

OpenOTP WebApps

Software Token technologies require the end-user to download the mobile software, enroll the mobile Token on the authentication server, and sometime to resynchronize the OTP generator. OpenOTP includes end-user Web Applications (SelfDesk and SelfReg) for simplifying the deployment of your solution as much as possible. RCDevs’ Self Services provides self-management end-user portals to be published on your corporate or public network.

  • RCDevs SelfDesk allows end-users to self-configure some personal settings, update their account information (ex. mobile number or email address), download, register and resync their Software Tokens.
  • SelfReg is another WebApp where administrators can trigger a user email with a one-time self-registration URL. By clicking the URL and entering his password, the user can register, resync and test Tokens.
  • PwReset allows users to securely reset their lost or expired Domain passwords with Token / SMS OTP, PKI and even U2F.

Hardware Security Modules

OpenOTP complies with the highest security requirements by supporting Hardware Security Modules (HSM). The YubiHSM hardware modules from Yubico (https://www.yubico.com/products/yubihsm/) can be used in order to enforce hardware cryptography in OpenOTP with AES encryption of Token seeds and true random generation for SMS/Email OTPs, OCRA challenges, OTP lists.

The use of HSM modules in OpenOTP is 100% transparent and the migration to hardware cryptography can be done at any time without impacting your business. RCDevs WebADM server supports up to 8 HSM modules in hot-plug mode for fault-tolerance and increased performances.

OpenOTP Trusted Domains

Trusts are special Domains which do not correspond to a set of local LDAP users but a set of users on a remote OpenOTP installation. The Trust system works like an authentication proxy for remote domains (within a trusted organization) and maps a local virtual Domain name to a remote Domain on another WebADM server.

 

ScreenShots

IP Geolocation OpenOTP User Actions Web Services Logs Token Registration User Self Service Desk User-level Configuration OpenOTP Configuration

MAIN KEY FEATURES

OpenOTP is very powerful. These are only the main key features

  • Supports any OATH Hardware or Software Token (HOTP, TOTP or OCRA)
  • Supports Mobile-OTP Software Tokens with PIN code
  • Supports all Yubikeys from Yubico
  • Supports FIDO Universal Second Factor devices (U2F)
  • Supports SMS, Mail and Secure Mail OTP (on-demand & prefetched)
  • Secure Token Inventory with easy graphical management in WebADM
  • Up to 10 simultaneous Tokens per-user (Hardware / Software)
  • PSKC Hardware Token seed import system (Vasco, Feitian, Gemalto…)
  • Easy Hardware Token registration via serial number
  • Easy Software Token registration via QRCode scanning
  • Intelligent contextual authentication with IP address and device fingerprint
  • Application-specific password for mobile applications not supporting OTP
  • SOAP, REST & JSON native APIs over HTTPS with WSDL service description
  • RADIUS for VPNs and RADIUS-enabled systems (OpenOTP Radius Bridge)
  • OpenID API for OpenID-enabled websites (OpenID Service Provider)
  • SAMLv2 IdP with POST redirections and IdP-initiated requests
  • Domain segregation with mappings to LDAP subtrees or dedicated LDAP
  • Trust Domains allowing authentication to be relayed to another OTP server
  • Per-client, group and network authentcation policies
  • Group-based access control & authentication policies
  • Support hardware security modules with Yubico YubiHSM
  • Data consistency with no replication/import/synchronization of LDAP users
  • Advanced replay attack protection for Tokens
  • Two-Factor with challenged OTP or password concatenation
  • Many configurations adjustable per server, domain, group, user, client

  • Supports One-Tap login (Approve/Deny) with OpenOTP Simple-Push
  • Support for both LDAP direct and indirect (Active Directory) groups
  • Support multiple LDAP datasources (directory federation)
  • Sensitive user data (ex. Token seeds) are encrypted in LDAP with AES-256
  • Geolocation of all user accesses with Google map reporting
  • SMS OTP with Clickatell, Plivin AQL, OVH, Mpulse SMS gateways (SMSHub)
  • SMS OTP with any SMPP-TR SMS gateways (SMSHub)
  • Possibility to add any other HTTP-based SMS Gateways (with SMSHub)
  • High availability SMS gateways (failover, load-balancing routing policies)
  • Per user location policies (IP address geolocalisation)
  • OTP fallback mechanisms and secondary OTP method (ex. Token + SMS)
  • Emergency OTP for helpdesk (auto-expirable passwords)
  • Optional PIN-protected OTPs (with variable length and format)
  • Sessions locking and session duplicate protection (clustered deployments)
  • Customizable end-user messages for emails, SMS, RADIUS messages
  • Multilingual support for user messages (per-user language support)
  • Comprehensive logging and reporting in SQL (WebADM Log Viewer)
  • User blocking timers and blocking policies for authentication failures
  • Clustered session replication secured with AES-256
  • Designed from the ground for high scalability (supports millions of users)
  • High performances (500 transactions per second on a two-nodes cluster)
  • Advanced failover and load-balancing (active-active cluster)
  • Dynamic remote connector failover for LDAP, SQL, SMTP…
  • Easy installation, update and configuration in RCDevs WebADM
  • Mail and SQL system alerts for administrators

Choose which package you want to download:

Download All-In-One Solution
OpenOTP Authentication Server
Download SMS Hub Server

DOCUMENTATION AND HOWTOs

See how simple it is to use OpenOTP Server:

  • The OpenOTP Brochure
  • WebADM Installation Guide
  • OpenOTP QuickStart Guide
  • OpenOTP FIDO U2F Manual
  • OpenOTP Push Login Manual

How to integrate OpenOTP with AD

OpenOTP Credential Provider for Windows

F5 APM and OpenOTP Push Authentication

Configure your OpenOTP Push Authentication

  • Intro
  • Description
  • Supported Tokens
  • Integrations
  • Highlights
  • Key Features
  • Downloads
  • Documentation
RCDevs

RCDevs is an award winning security company specialized in next-generation two-factor authentication. RCDevs is building its growing reputation over high-quality security software and its customers’ entire satisfaction.

Enjoy RCDevs!

AWARDS WINNING

RCDevs received the Sesames Award for the Best Innovation Discovery, the Commendation Award at SC Magazine for the Best SME Security Solution

Sesame Award SC Magazine Award ICT Awards

COMPANY INFO

  • About Us
  • Our Solutions
  • Terms & Conditions
  • Privacy Policy

CONTACT INFO

1 avenue du Blues
L-4368 Belvaux
Luxembourg
+352 26 17 61 21
+33 (0)9 72 14 52 97
+33 (0)9 72 14 53 03
Contact us
http://www.rcdevs.com
Copyright © 2010-2017 RCDevs SA, All Rights Reserved