OpenOTP Windows Login & RDS – Supports Windows 7-11, Server 2012+, push/OTP/FIDO2.

OpenOTP Windows Logins

Secure Windows Login & RDS
with Multi Factor Authentication (MFA)

Add Multi-Factor Authentication for Microsoft Servers, Remote Desktop & App logins. Enjoy enhanced security, even for offline logins (using our OpenOTP Token app or FIDO2).

As businesses increasingly rely on Microsoft Remote Desktop Services (RDS) and Windows Server to enable remote access to enterprise systems and shared applications, securing these environments is paramount.

OpenOTP MFA strengthens your RDS and Windows logins by adding a robust layer of protection—supporting push notifications, OTP, and FIDO2 authentication—against unauthorized access and compromised credentials. Compatible with Windows 7-11, Server 2012+, and even offline setups, it seamlessly integrates into domain or standalone systems via RADIUS or LDAP.

This enhanced security not only safeguards sensitive data and ensures compliance with industry standards but also delivers peace of mind for users accessing critical resources remotely. With OpenOTP, you can deploy enterprise-grade MFA in minutes, fortifying your organization’s defenses in today’s interconnected digital landscape.

RCDevs helps you

Protect your Microsoft Operating System Access

Solution

Secure Windows Login & RDS with Multi Factor Authentication

RCDevs provides a Windows Credential Provider (CP) for Windows integrations. Our OpenOTP CP is your additional layer of protection for Windows login, remote access with Remote Desktop login & RDS.

Our latest version of OpenOTP CP supports both OTP and FIDO2 authentication mechanisms.
Any OpenOTP authentication method like Push Login, Yubikey, Hardware & software token, FIDO2 (except in RDS) is supported.

Our Credential Provider works in full AD environments but also in infrastructures without AD. Accounts can be separated from your AD (like in an OpenLDAP) and still be managed centrally.

  • Remote Desktop (RDS):
    Secure on-premise RDP sessions with MFA.
  • Windows Server:
    Add authentication to domain logins and portals.
  • Endpoints:
    Safeguard desktops and VMware environments.

Integrations

For Desktops & Laptops
Unlike any other MFA vendor, RCDevs supports MFA login, even for Windows users working offline, without access to the Internet or office. The unique capability is based on the RCDevs intelligent Credential Provider plugin installed on Windows endpoints as local authentication agents, providing an added layer of security to both Windows domain authentication and local machine access. When working online, users can authenticate with any preferred 2FA method (i.e. the convenient mobile app-based push authentication). When offline, the agents will automatically initiate offline login where users are presented with a QRCode that will generate an OTP for the session once scanned with the free OpenOTP Token mobile app.
With RCDevs Windows Login one can offer true enterprise grade MFA for Windows access with confidence, without risk of needing to revert back to username/password login as soon as network connectivity goes out or communication with authentication backends fail.

Complete guide on how to enable MFA on Windows Client Login
For Remote Desktop Services
RCDevs Credential Provider (CP) provides a full integration with Windows Server operating systems to add the market’s leading second-factor methods to Remote Desktop Services access. RCDevs CP supports all OpenOTP authentication methods on RDP login, seamlessly within the RDS login session, without redirects or additional buttons to click. RCDevs CP is delivered as an easy-to-install MSI package that can be deployed in a few minutes.

Complete guide on how to enable MFA on Windows Server Login
For AD Users
Completely integrated with Active Directory users, groups and policies.
For Local Users and Computers Out of Domain
Configure RCDevs OpenOTP servers and OpenOTP Credential Provider for Windows to authenticate local users using 2FA and for Windows on a computer out of the domain. Both scenarios require an LDAP server to store user metadata (Token metadata needs to be stored on a user account in WebADM even for local account authentication).

Complete guide on how to enable MFA on Local Users and Computers Out of Domain

Features

Key Features

Supports NT Domain-style login names like ‘Domain\Username’
Supports offline authentication with OpenOTP Token App & FIDO2 devices
Supports any OpenOTP method (Tokens, YubiKey, FIDO2, SMSOTP, eMailOTP)
Enterprise deployment with AD automated software deployment tools
Supports LDAP, challenged OTP & FIDO2 and Push login
Supports User Principal Names (UPN), implicit & explicit

Compatibility

Compatible with

Desktops & servers with Windows CP

All Windows Clients since Windows 7
All Windows Servers since 2008
Microsoft Remote Desktop Services
Microsoft Core Editions (not compatible with all features - see System requirements in documentation)

How to

See how simple it is to integrate OpenOTP for Windows Logins

OpenOTP Credential Provider for Windows

How to integrate OpenOTP with AD

Frequently Asked Questions – Windows & RDS Login

Can I use Google Authenticator for Windows Logins?
RCDevs Security recommends using the official OpenOTP Token App which provides additional security features and Push notifications . That being said, you can use Google Authenticator or any software token (as long as they are OATH Event-based (HOTP) & Time-based (TOTP) to perform a Windows login.
Check how RCDevs' OpenOTP Token app works as a Windows login credential provider.
Can I perform a Windows Login with a Smart Card?
You can authenticate with a smart card for both online and offline modes. Offline mode is possible either via QR Code or Fido key.

First, you need to configure the smart card through your MFA setup. Check the configuration documentation for smart card logins with RCDevs Security Solutions. After configuring, insert your smart card in the card reader. If the card is detected and the stored certificate can be used for logon, a new credential tile for the smart card will be prompted. You can select it and enter your PIN code. You will be logged in.
Documentation of windows login authentication with smart card.
Is a Windows Login using FIDO possible?
Yes, it is possible. You need to register the key and activate the client policy.

Unified IAM Federation

Native IAM Integration

OpenOTP is compatible with local directories such as Active Directory (AD) and LDAP, providing extensive support for on-premise environments. Additionally, it is natively integrated with EntraID, Okta, Google, Ping Identity, One Identity, and many other identity providers, enabling simple integration across diverse IAM systems.

Choose the method that best suits you

Authentication Methods

RCDevs’ IAM-MFA Cybersecurity Solutions Compatible with Strong Authentication Login Technologies

SEEING
IS BELIEVING

Whether you are buying a car or a security solution, you always want to test drive it before signing on the dotted line. We know this and you know this.

Contact us for your Free PoC or check it out for yourself.

Europe (Headquarters)
1 Boulevard du Jazz
4370 Esch-sur-Alzette
Luxembourg
United States (Office)
2415 Third Street, Suite 231
San Francisco, CA 94107
United States
© 2025 RCDevs Security SA. All Rights Reserved
EN
FR DE EN