MFA-VPN Server (The VPN server with OTP and FIDO2)

RCDevs MFA-VPN is an Enterprise-grade VPN appliance designed for companies needing remote access to corporate networks and resources.

OpenOTP MFA-VPN is built on top of the very robust OpenVPN server technology and provides an extremely secure remote access gateway for your Active Directory or LDAP users, with pre-included multi-factor features like mobile Push login or FIDO2. MFA-VPN relies on your WebADM/OpenOTP Identity Management platform and also supports any MFA login methods provided by the OpenOTP server.
RCDevs helps you to

Secure your VPN endpoint

The RCDevs MFA-VPN client is provided for both Windows and MacOSX. Enabling VPN access for users has never been so easy: simply create an access group in Active Directory and a dedicated Client access policy, and you’re done.

MFA-VPN is the first remote access appliance to support the FIDO2 standard! As such, MFA-VPN can optionally authenticate users with Yubikey FIDO or Feitian USB devices. By combining the OpenOTP flexible OTP methods and FIDO2, MFA-VPN is also the world’s most advanced VPN server in terms of strong authentication features.
RCDevs recommends Sparklabs’ Viscosity for the VPN client. The latest version of Viscosity for Windows and MacOS has been enhanced by RCDevs and Sparklabs in order to support smooth Push notifications and FIDO2. Please contact RCDevs for a bundled offer.

The World’s first FIDO Enterprise VPN Server
MFA-VPN is a very unique VPN server as it supports both OTP and FIDO2 multi-factor technologies. FIDO2 is gaining in popularity because it provides a much richer user experience by relying on devices that do not require OTP code display like on OATH token devices. Instead, the user device starts blinking when establishing the VPN connection and the user just needs to press the device. Currently RCDevs supports USB FIDO2 devices from Yubico and Feitian. MFA-VPN will support Bluetooth devices in future versions.
Mobile Push with Simple Approve/Deny
MFA-VPN supports the OpenOTP’s Simple Push feature (OpenOTP Token required) where the user’s mobile phone is activated on-the-fly when the user starts the VPN connection. The VPN login transactions are displayed on the mobile phone and the user just needs to press ‘Approve’ to authenticate the remote connection. RCDevs mobile Push can be combined with other OpenOTP authentication methods like SMS or Hardware Token for fallback mechanisms.
Graphical Access Policies with WebADM
Defining your remote access policies has never been so simple: create access groups and client policies in RCDevs WebADM and your VPN server will implement user access with an unbeatable level of flexibility. WebADM client policies support group, domain, time and even geolocation-based access control. The WebADM audit provides full user activity reports with geolocation information.

Two OPENVPN Integration options

You may already use OpenVPN in your infrastructure or you need a new VPN server. RCDevs aims at responding the best to your requirements and also provides two deployment options for MFA-VPN.
Option 1: You need a new VPN server.
The MFA-VPN product is an Enterprise VPN server including the OpenVPN technology and RCDevs’ own MFA components. It is provided via Linux installation packages or a Virtual appliance.
Option 2: You already use an OpenVPN server.
RCDevs OpenVPN Bridge is a companion software service for OpenVPN which provides the MFA components needed to interact with the OpenOTP back-end.

Instructions for how to configure OpenOTP MFA-VPN Server.

See how simple it is to use OpenOTP MFA-VPN:

Contact us for a full OpenOTP online demo!

Test OpenOTP’s MFA now with our Free Online Demos!