Presence-based Logical Access

Conditional access based on user location is a new approach to defining access to company resources, adding an extra layer to multi-factor authentication (MFA). It uses the user’s physical location as an additional factor.

For example, the office can be set as a trusted zone where employees are granted access simply by being present, without needing additional MFA. This method enhances security and makes it more user-friendly.

The idea is to keep network access and AD/LDAP accounts locked at all times, unless an authorized employee has badged-in or checked-in. All network access is automatically locked at midnight, even if someone forgot to badge out.

Check mode: An employee who is accessing company data from within the office can be granted access after a simple “check” (network access time is predefined in WebADM and does not require a check-out).

Badge mode: That same employee who is working remotely can be required to “badge-in” and “badge-out” (network access is granted only between that period of time). This mode also guarantees the employee’s remote work hours are accurately reported.

With Presence-based Logical Access, access is restricted until a physical confirmation is provided (using the free OpenOTP Token app), adding an extra layer of security (a third factor) that can work in tandem with regular 2FA (username+password+OTP) to safeguard your network.

When combined with OpenOTP Network Access Control (NAC), this system can automate the badging process, granting network access and unlocking AD accounts. NAC ensures that only compliant devices are allowed on the network, and when integrated with Presence-based Logical Access, it streamlines security protocols and enhances overall protection by ensuring that only verified, authorized users can access critical resources.

Native IAM Integration

OpenOTP is compatible with local directories such as Active Directory (AD) and LDAP, providing extensive support for on-premise environments. Additionally, it is natively integrated with EntraID, Okta, Google, Ping Identity, One Identity, and many other identity providers, enabling simple integration across diverse IAM systems.

The free and official OpenOTP Token application offers a convenient and elegant solution for employees to check-in or badge-in to get network access.

Employees no longer need to carry around physical tokens or remember complex passwords to gain access to the company network. Instead, they simply need to open the OpenOTP Token app and follow the prompts to authenticate their identity/location.

The OpenOTP Token app provides a seamless and user-friendly experience for employees while also ensuring that the company network remains secure.

Whether you are buying a car or a security solution, you always want to test drive it before signing on the dotted line. We know this and you know this.

Contact us for your Free PoC or check it out for yourself.