OpenOTP Authentication Server

OpenOTP Authentication Server

OpenOTP™ Server (Multi-Factor with OTP and FIDO-U2F)

authentication-server-white

OpenOTP™ is an enterprise-grade user authentication solution based on open standards.

OpenOTP provides many (highly configurable) authentication schemes for your Domain users. It supports the combinations of single-factor and multi-factor user access with One-Time Password technologies (OTP) and Universal Second Factor (FIDO-U2F).

Discover RCDevs OpenOTP Security Suite

How to securely log in using One finger

RCDevs helps you to

Secure your Domain users

openotp_box1
OpenOTP provides interfaces including SOAP, REST, JSON-RPC and RADIUS. The native SOAP API is extremely simple and is provided with a WSDL service description file. It is also very easy to implement OpenOTP One-Time Password and/or U2F functionalities into your existing Web applications. Additional integration software from RCDevs provide support for Windows, ADFS, Linux and even Wifi access.
One-Tap Mobile Authentication
RCDevs OpenOTP Token for Android and IOS provides convenient authentication workflows with mobile push notifications. Our software Token has also been designed for the best user experience with two additional operating modes: In the standard mode, the Token gets notified during the login process and displays the transaction details with the OTP code. For more convenience, it can optionally speak the OTP. Of course the spoken codes cannot be spoofed and are usable for the ongoing user transaction only. Then comes the Simple-Push mode where the Token displays the transaction details and expects the user approval with a one-tap action (with ‘Approve/Deny’). Best of all, our Token is able to enforce biometric unlock and phishing attack mitigation by validating the user access locations.
Application Passwords
Application passwords are long random keys which can be generated by the users in the Self-Services and are specific to a client application. These keys can be used as replacement to the default login when the application does not support OTP nor U2F. The typical use-case is a mail server which is accessed via mobile devices. The mail clients on the devices are configured with the mail server application’s password to avoid entering the OTP password at every connection.
Contextual authentication
OpenOTP contextual authentication is able to intelligently lower the security requirement for a user login when a trusted context is validated. The trusted login context relies on the user’s IP addresses combined with client device fingerprints. When a login context is trusted, the user logs in with the single factor (the domain password). If a login failure occurs, multi-factor is enforced again.
QRCode Key Provisioning
With OpenOTP QRCode key provisioning, Token self-registration has never been so easy. No manual Token configuration or secret key input is required: With Google Authenticator or FreeOTP, users register their Software Token simply by scanning a registration QRCode on their iPhone or Android mobile device. With other Software Tokens, users simply scan the displayed Token Key with a barcode reader and copy/paste it to their Token key for registration.
OpenOTP WebApps
Software Token technologies require the end-user to download the mobile software, enroll the mobile Token on the authentication server, and sometime to resynchronize the OTP generator. OpenOTP includes end-user Web Applications (SelfDesk and SelfReg) for simplifying the deployment of your solution as much as possible. RCDevs’ Self Services provides self-management end-user portals to be published on your corporate or public network.
RCDevs SelfDesk allows end-users to self-configure some personal settings, update their account information (ex. mobile number or email address), download, register and resync their Software Tokens.
SelfReg is another WebApp where administrators can trigger a user email with a one-time self-registration URL. By clicking the URL and entering his password, the user can register, resync and test Tokens.
PwReset allows users to securely reset their lost or expired Domain passwords with Token / SMS OTP, PKI and even U2F.
Hardware Security Modules
OpenOTP complies with the highest security requirements by supporting Hardware Security Modules (HSM). The YubiHSM hardware modules from Yubico (https://www.yubico.com/products/yubihsm/) can be used in order to enforce hardware cryptography in OpenOTP with AES encryption of Token seeds and true random generation for SMS/Email OTPs, OCRA challenges, OTP lists.The use of HSM modules in OpenOTP is 100% transparent and the migration to hardware cryptography can be done at any time without impacting your business. RCDevs WebADM server supports up to 8 HSM modules in hot-plug mode for fault-tolerance and increased performances.
OpenOTP Trusted Domains
Trusts are special Domains which do not correspond to a set of local LDAP users but a set of users on a remote OpenOTP installation. The Trust system works like an authentication proxy for remote domains (within a trusted organization) and maps a local virtual Domain name to a remote Domain on another WebADM server.
OpenOTP provides interfaces including SOAP, REST, JSON-RPC and RADIUS. The native SOAP API is extremely simple and is provided with a WSDL service description file. It is also very easy to implement OpenOTP One-Time Password and/or U2F functionalities into your existing Web applications. Additional integration software from RCDevs provide support for Windows, ADFS, Linux and even Wifi access.
Web Applications (Java, PHP, ASP, Python, .Net…)
VPNs and SSL-VPNs (Checkpoint, Cisco, Nortel, Juniper, F5, Palo-Alto…)
OpenVPN Variants and PFsense
Citrix Access Gateway & Web Interface
Microsoft Reverse-Proxies (TMG / UAG / 2012 Server)
Microsoft ADFS (Exchange, Sharepoint…)
Linux PAM (SSH, FTP, OpenVPN, PPTP, POP/IMAP…)
Windows Login (Credential Provider for Vista, 7, 8)
Web Products (SugarCRM, Joomla, WordPress, RoundCube, Magento…)
OpenID-enabled Web Sites (Livejournal, Sourceforge…)
Corporate SAML and Google Apps
Cloud Applications (SalesForce, SugarCRM, GoToMeeting…)
Enterprise Wifi Access (with EAP-GTC and EAP-TTLS-PAP)
Amazon Elastic Compute Cloud (EC2 / AWS)
Any other system (Using our simple integration libraries)

Main Key features

Supports any OATH Hardware or Software Token (HOTP, TOTP or OCRA)
Supports Mobile-OTP Software Tokens with PIN code
Supports all Yubikeys from Yubico
Supports FIDO Universal Second Factor devices (U2F)
Supports SMS, Mail and Secure Mail OTP (on-demand & prefetched)
Secure Token Inventory with easy graphical management in WebADM
Up to 10 simultaneous Tokens per-user (Hardware / Software)
PSKC Hardware Token seed import system (Vasco, Feitian, Gemalto…)
Easy Hardware Token registration via serial number
Easy Software Token registration via QRCode scanning
Intelligent contextual authentication with IP address and device fingerprint
Application-specific password for mobile applications not supporting OTP
SOAP, REST & JSON native APIs over HTTPS with WSDL service description
RADIUS for VPNs and RADIUS-enabled systems (OpenOTP Radius Bridge)
OpenID API for OpenID-enabled websites (OpenID Service Provider)
SAMLv2 IdP with POST redirections and IdP-initiated requests
Domain segregation with mappings to LDAP subtrees or dedicated LDAP
Trust Domains allowing authentication to be relayed to another OTP server
Per-client, group and network authentcation policies
Group-based access control & authentication policies
Support hardware security modules with Yubico YubiHSM
Data consistency with no replication/import/synchronization of LDAP users
Advanced replay attack protection for Tokens
Many configurations adjustable per server, domain, group, user, client
Two-Factor with challenged OTP or password concatenation
Support for both LDAP direct and indirect (Active Directory) groups
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation
Two-Factor with challenged OTP or password concatenation

Authentication methods

RCDevs’ Multi-Factor Authentication relies on One-Time Password Technologies (OTP) and FIDO Universal Second Factor (U2F):
Software Tokens
OATH Event, Time and Challenge -based
Software Tokens
Mobile-OTP (mOTP) Software Tokens
Hardware Tokens
OATH Event, Time and Challenge -based
Mobile Phone
SMS OTP (On-Demand and Prefetched)
Signed Authentication
FIDO Universal Second Factor (U2F)
Mailbox
Mail and Secure Mail OTP (PIN Mailer)
Yubikey Tokens
YubiKey Standard, Nano
Printed List
Printed OATH One-Time Password Lists

Software Tokens mobile platform

Supported Mobile Devices (Software Tokens)

504px-Android_robot

Google Android

All the mobile using the operating system developed by Google.
apple_logo_PNG19670

Apple iPhone, iPad

All the lastest Iphone, and IPad
phone-rcdevs

Compatible Hardware Tokens

If you are an OATH Software Token Developper and you want to be listed as an OpenOTP compatible software, please click below
RCDevs-Token-Card-VC-200E

RCDevs RC400

Type: OATH Time-based (TOTP)
Publisher: RCDevs SA
RC300-47percentSmaller

RCDevs RC300

Type: OATH Time-based (TOTP)
Publisher: RCDevs SA
RCDevs-6-DIGITS

RCDevs RC200

Type: OATH Time-based (TOTP)
Publisher: RCDevs

yubikey

Yubico YubiKey

Type: Yubikey Event-based
Publisher: Yubico
otpc100

Feitian c100 & c200

Type: OATH Event-based (HOTP) & Time-based (TOTP)
uniotp

SecuTech UniOTP 300 & 500

Type: OATH Event-based (HOTP) & Time-based (TOTP)
SmartDisplayer

SmartDisplayer e1xxx, t1xxx & e2xxx series

Type: OATH Event-based (HOTP), Time-based (TOTP) & Challenge (OCRA)
vasco

Vasco Digipass GO6 OATH

Type: OATH Event-based (HOTP) & Time-based (TOTP)

To request an online demo, you only have to create your account or contact us.

Online Demos are available for free to let you try RCDevs multi-factor in 5 minutes and authenticate with your mobile or Yubikey.