OpenOTP Network Access Control

OpenOTP Network Access Control

Protect switches & improve wireless networks security with MFA

Network Access Control (NAC) keeps unauthorized users & IoT devices out of your private network.

NAC solutions have become an extremely valuable tool in recent years, as mobile devices and the Internet of Things (IoT) have surged to prominence in various industries across the world. Network access control technologies (NAC) provide a user/client authentication layer for your Ethernet switches and Wifi Access Points.
RCDevs helps you

Protect your Ethernet Switches & WiFi


Most companies are equipped with managed switches and Enterprise access points which support the IEEE 802.1X standard.

OpenOTP / RADIUS Bridge provides extended access control for wired and wireless networks by implementing a set of EAP protocols under 802.1X. Your employees must authenticate themselves in order to gain effective access to wired and physical networks.

– X.509 Certificates – Employees self-enroll certificates through an easy-to-use web-UI that is protected with one-time URLs and/or one-time codes, delivered via SMS for example. Certificate renewals, with users being automatically notified to re-enroll their certificate and are provided with a one-time URL to do this, are conveniently found in self-services.

– One-Time Passwords – Users can concatenate passwords with a one-time code from their preferred token provider, like OpenOTP Token App, RC200/300/400, or from any OATH compliant Hardware or Software Token.

– Push Login (approve/deny logins) – Using OpenOTP Token App, users can access Enterprise WiFi by simply pressing “Accept” on the Push login request directly sent to their mobile.

– Application Passwords – Users provide a personal, WiFi-specific and time-limited application password which has been pre-registered via the self-service web app.

– Voice Biometrics – Users are required to speak their security passphrase using the OpenOTP Token app in order to start the WiFi connection.

Main Features

Dynamic Access Control Lists
With OpenOTP RADIUS Reply Attributes, you can easily configure per-user or group access control metadata to be passed to your network devices during the user authentication process. A good example is VLAN access attributes which enable access to specific VLANs based on your WebADM IAM policies.
Enforce WebADM Client Policies per WiFi Network (SSID)
RCDevs 802.1X for Wifi is fully compatible with WebADM client policies. This means you can define access control policies for each of your Wifi SSIDs.  Client policies allow controlling which groups of users can access the network, at what time and even based on LDAP metadata filtering.
WiFi Access with Client Certificates
WebADM includes a full PKI and some very simple certificate management interfaces. A user certificate can also be used to transparently provide access to the WiFi network. Revoking WiFi access is as simple as removing the certificate from the user object.

Key Features

Supported on Enterprise Wifi with EAP-TLS
Supports LDAP, OTP, Push and LDAP+OTP login modes
Convenient Two-Factor with password concatenation
Per user and group reply attributes for Ethernet & VLAN based access
Authentication policies per client application or group of users
Supports any OpenOTP method (Tokens, Yubikey, Push, Voice Biometrics, SMSOTP, MailOTP, etc...)
Compatible with

Non-exhaustive list of OpenOTP compliant products

Cisco WiFi using the EAP-GTC technology
WiFi devices supporting Enterprise RADIUS with EAP-TTLS-PAP
See how simple it is to integrate OpenOTP with WiFi