OpenOTP Federation Services, Single Sign On and ADFS

OpenOTP Federation Services

Combining SSO & ADFS with a 2FA Solution

Combining SSO & MFA improves the security of your logins.

OpenOTP’s Single Sign-On (SSO) solution is easy to implement, convenient & time saving.
OpenOTP Security Suite includes an Identity Provider (IdP) allowing
federated identity management, commonly referred to as SSO.
OpenOTP OpenID & SAML IdP supports OpenID, OAuth and SAML2 standards.
Our IdP can be configured with both on premise and cloud applications.

SSO with RCDevs Security


IAM Solution for Cloud Environment

OpenOTP OpenID & SAML Identity Provider works with OpenOTP’s authentication back-end.

RCDevs’ SSO solution supports PKI-based authentication as well (with user certificates).

When users enter a website with SSO, a security association is established between the website, the user and the identity provider. The user is redirected to the identity provider for a trusted authentication process.

Compared to other OpenID and SAML implementations, RCDevs’ SSO solution is very easy to implement, provided that you already have a working WebADM server with an OpenOTP license. The setup consists of adding the OpenID/SAML WebApp in WebADM and configuring authentication and access policies.

For more details on how to implement our IdP, please read our
Online Documentation or contact RCDevs for a more personalized explanation.

Main Key Features

Supports SAML2, OpenID-Connect & OAuth2
Supports IdP or SP initiated requests for Cloud SSO
Return group memberships & configurable user attributes
Uses all OpenOTP authentication methods (see list below)
Supports full PKI authentication with user certificates
Easy corporate SAML/OpenID-Connect configuration with metadata URL
Application-Federated Access based on authentication & access policies
Supported SSO Standards
OpenOTP OpenID & SAML IdP supports all the commonly used Single-Sign-On protocols:

- SAML (Security Assertion Markup Language)
- OpenID Connect
- OAuth2
Please note OpenID v1.1 & v2.0 are deprecated and have been removed
SSO Integration Examples
OpenOTP OpenID & SAML IdP can integrate many cloud applications such as Office 365, AWS or Nextcloud, to name a few.

For some SSO integration examples, please check RCDevs' Online Documentation.

To read technical details on how to implement OpenOTP’s SSO Solution,
click on the image below

Screen Shot 2022-05-06 at 11.09.15

Microsoft ADFS
Multi-Factor Authentication & federation with Microsoft Web Applications

ActiveDirectory Federation Services (ADFS) is the new way for implementing Web-based authentication and Single-Sign-On (SSO) functionalities in Microsoft environments.
Current versions of Exchange and Sharepoint portals can use ADFS natively provided that an ADFS instance is running on the network.
Unlike Kerberos SSO, ADFS is for Web access and it supports federating your corporate services, Cloud applications and Office 365.

MICROSOFT ADFS with RCDevs Security

Enhance your ADFS infrastructure

Microsoft ADFS

RCDevs supports all federation through MICROSOFT ADFS

RCDevs provides an OpenOTP Authentication Provider (AP) for ADFS. OpenOTP AP is a component that integrates OpenOTP One-Time Password (OTP) and FIDO2 authentication into all your ADFS-enabled applications, whether web-based or thick clients (as in Outlook or Teams for example). Our Authentication Provider works with all authentication methods supported by the OpenOTP Server.

Mixed OTP & FIDO2 Login

OpenOTP for ADFS supports both OTP (with all OpenOTP one-time-password methods) and FIDO2 signed authentication. Provided that your users are enabled with either OTP Tokens, YubiKey, SMS or FIDO2 devices, the ADFS authentication process proposes user logon with any of the supported authentication method. RCDevs is currently the only solution which provides mixed OTP and FIDO2 for ADFS.


Key Features

Integrates with any ADFS-enabled application
Supports ActiveDirectory User Principal Names (UPN)
Supports LDAP, OTP and LDAP+OTP login modes
Supports thick clients like Outlook or Teams through Modern Authentication
Supports any OpenOTP method (Tokens, Yubikey, SMSOTP, MailOTP)
Supports both challenged OTP and concatenated passwords
Supports FIDO2 signed authentication
Compatible with

All Federation through Microsoft ADFS Solution

Outlook Web Access and Sharepoint
IIS Web Applications
Office 365
Other SAML-Enabled Applications
google apps

Instructions for how to secure an Active Directory Federation Services server with OpenOTP MFA server.

See how simple it is to integrate OpenOTP plugin for ADFS :