Presence-based Logical Access



Presence-based Logical Access keeps network access and Active Directory (AD) accounts locked unless an authorized employee has badged in from an approved location. Because stolen credentials are useless while the account is locked, this shrinks the attack surface, reduces the risk of unauthorized access, and simplifies network resource management.

Conditional access based on user location

Minimize your Attack Surface

Conditional access based on user location is a newer way of defining access to company resources: it adds the user's physical location as an extra factor on top of multi-factor authentication (MFA).

For example, the office can be declared a trusted zone in which employees are granted access simply by being present, without an additional MFA prompt. Security improves because presence is now required, and usability improves because the prompt is skipped. The trust then rests on the evidence of presence itself, so that evidence must be something an attacker cannot produce remotely: the badge or check from the OpenOTP Token app, combined with the IP and geographic zone checks described below.

The idea is to keep network access and AD/LDAP accounts locked at all times unless an authorized employee has badged in or checked in. Every session expires automatically at midnight, so a forgotten badge-out cannot leave access open indefinitely.


Check mode: an employee accessing company data from within the office is granted access after a simple "check". The access time is predefined in WebADM, so no check-out is required.

Badge mode: the same employee working remotely can be required to "badge in" and "badge out"; network access is granted only between those two events. This mode also produces an accurate record of the employee's remote working hours.

With Presence-based Logical Access, access stays restricted until a physical confirmation is provided through the free OpenOTP Token app. This adds a third factor that works alongside regular 2FA (username + password + OTP) to safeguard the network.

Combined with OpenOTP Network Access Control (NAC), the badging process can be automated: badging in both grants network access and unlocks the AD account. NAC ensures that only compliant devices get onto the network, and Presence-based Logical Access ensures that only verified, badged-in users can reach critical resources, so the two controls together cover both the device and the person.


Unified IAM Federation

Native IAM Integration

OpenOTP is compatible with local directories such as Active Directory (AD) and LDAP, with extensive support for on-premise environments. It is also natively integrated with Entra ID, Okta, Google, Ping Identity, One Identity and many other identity providers, which keeps integration simple across diverse IAM systems.

Main Security Features

User AD account locked at all times at the LDAP level unless the user badges in
User network access locked at all times unless the user badges in
"Requires badging" policy can be set per application, group, subgroup, etc.
Automatic population of groups granting AD rights on Unix (e.g. a Samba file server)
Allowed badging locations defined by geographic zone or by country
Reporting compliant with remote-work regulation
IP Match Badging policy: the IP address the user works from must match the IP address they badged from
Step Down policy: office policies extended to remote workers who badge in from the same IP address
Badge-in or check mode depending on location and trusted zones
Additional badging zones can be added on groups
Location of users viewable on a map
Collected data is timestamped by the local CA (XAdES) or via eIDAS
Multiple offices supported
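To make the locking rules concrete (locked-by-default accounts, check mode with a fixed window, badge mode with badge-out, the midnight cut-off, the IP Match and Step Down policies), here is an added Python model of the decision logic. It is illustrative code written for this page, not RCDevs or OpenOTP/WebADM code. The zone names, the CIDR blocks, the nine-hour check window, and the reading of Step Down as "a remote worker working from the same IP they badged from is treated under office policy" are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Zone:
    """A trusted badging location. The CIDR blocks used below are constructed sample data."""
    name: str
    networks: List[str]                           # office networks that identify the zone
    mode: str                                     # "check" (timed window) or "badge" (in/out)
    check_window: timedelta = timedelta(hours=9)  # assumed predefined check-mode access time


@dataclass
class Session:
    zone: str          # zone name, or "remote" when the badge came from outside every zone
    badge_ip: str      # source IP of the badge or check
    start: datetime
    end: datetime      # never later than the next midnight


class PresencePolicy:
    """Hypothetical model of presence-based locking; not the OpenOTP/WebADM implementation."""

    def __init__(self, zones: List[Zone], ip_match: bool = True, step_down: bool = True):
        self.zones = {z.name: z for z in zones}
        self.ip_match = ip_match      # IP Match Badging policy
        self.step_down = step_down    # Step Down policy
        self.sessions: Dict[str, Session] = {}   # one live session per user

    def locate(self, ip: str) -> Optional[Zone]:
        """Map a source IP to a trusted zone, or None for remote users."""
        addr = ip_address(ip)
        for zone in self.zones.values():
            if any(addr in ip_network(net) for net in zone.networks):
                return zone
        return None

    @staticmethod
    def next_midnight(at: datetime) -> datetime:
        """Hard upper bound for every session: access is locked at midnight regardless."""
        return datetime.combine(at.date() + timedelta(days=1), time.min)

    def check_in(self, user: str, ip: str, at: datetime) -> Session:
        """Check mode: fixed window, no check-out, only from inside a check-mode zone."""
        zone = self.locate(ip)
        if zone is None or zone.mode != "check":
            raise PermissionError(f"{user}: check mode is not allowed from {ip}")
        end = min(at + zone.check_window, self.next_midnight(at))
        self.sessions[user] = Session(zone.name, ip, at, end)
        return self.sessions[user]

    def badge_in(self, user: str, ip: str, at: datetime) -> Session:
        """Badge mode: open until badge-out, but never past midnight."""
        zone = self.locate(ip)
        self.sessions[user] = Session(zone.name if zone else "remote", ip, at, self.next_midnight(at))
        return self.sessions[user]

    def badge_out(self, user: str, at: datetime) -> None:
        sess = self.sessions.get(user)
        if sess is not None and at < sess.end:
            sess.end = at

    def is_unlocked(self, user: str, ip: str, now: datetime) -> bool:
        """The account/network lock: False unless a live session exists for this user."""
        sess = self.sessions.get(user)
        if sess is None or not (sess.start <= now < sess.end):
            return False
        if self.ip_match and sess.badge_ip != ip:
            return False               # working IP must match the badging IP
        return True

    def decide(self, user: str, ip: str, now: datetime) -> str:
        """'deny', 'allow' (office policy: presence is the extra factor) or 'otp' (regular 2FA)."""
        if not self.is_unlocked(user, ip, now):
            return "deny"
        sess = self.sessions[user]
        if sess.zone in self.zones:
            return "allow"
        if self.step_down and sess.badge_ip == ip:
            return "allow"             # Step Down: remote worker on the badging IP gets office policy
        return "otp"


if __name__ == "__main__":
    policy = PresencePolicy([Zone("hq", ["203.0.113.0/24"], "check")])
    day = datetime(2024, 3, 4, 8, 30)
    policy.check_in("alice", "203.0.113.10", day)
    print(policy.decide("alice", "203.0.113.10", day + timedelta(hours=3)))   # allow
    print(policy.decide("alice", "203.0.113.99", day + timedelta(hours=3)))   # deny: IP mismatch
    print(policy.decide("alice", "203.0.113.10", day + timedelta(hours=10)))  # deny: window expired
```

The point of the model is the default: `decide` returns "deny" whenever no live session exists, so a compromised password plus OTP still fails outside the badged window, and the midnight bound in `next_midnight` caps every session even if the user never badges out.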

OpenOTP Token App

The free and official OpenOTP Token application offers a convenient and elegant solution for employees to check-in or badge-in to get network access.

Employees do not need a separate hardware token to badge in: they open the OpenOTP Token app and follow the prompts to confirm their identity and location.

The OpenOTP Token app provides a seamless and user-friendly experience for employees while also ensuring that the company network remains secure.


SEEING IS BELIEVING

Whether you are buying a car or a security solution, you always want to test-drive it before signing on the dotted line. We know this and you know this.

Contact us for your Free PoC or check it out for yourself.
