OpenOTP Authentication Server
OpenOTP is an enterprise-grade user authentication solution based on open technologies. OpenOTP provides multiple (highly configurable) authentication schemes for your LDAP Domain users. The Multi-Factor authentication relies on One-Time Password technologies (OTP) and Universal Second Factor (U2F).
The OpenOTP solution is composed of several components including WebADM, OpenOTP SOAP/XML/JSON Web service, OpenOTP Radius Bridge, the User Self-service Desk and Self-Enrollment end-user Web Applications.
OpenOTP provides an unbeatable combination of cost-efficiency, security and ease of use to corporate and Web application access.
Java Phones (J2ME) | Windows Mobile, Blackberry, Palm | Apple iPhone, iPad | Google Android
In fact, any Token working in OATH HOTP/TOTP or OCRA mode is compatible.
c100 | c200
300 | 500
e1010 | t1020 | e2010
GO6 | GO3
You can use OpenOTP with:
With OpenOTP QRCode key provisioning, Token self-registration has never been so easy.
No manual Token configuration or secret key input is required:
With Google Authenticator, users register their Software Token simply by scanning a registration barcode on their iPhone or Android mobile.
With Other Software Tokens, users simply scan the displayed Token Key with a barcode reader and copy/paste it to their Token key for registration.
OpenOTP includes end-user Web Applications (SelfDesk and SelfReg) for simplifying the deployment of your solution as much as possible. SelfDesk is an end-user self-management portal to be plugged into WebADM, and published on your corporate or public network.
SelfDesk allows end-users to self-configure some personal settings, update their account information (e.g. mobile number or email address), and download, register and resync their Software Tokens.
SelfReg is another WebApp where administrators can send a user an email with a one-time self-registration URL. By clicking the URL and entering their password, the user can register, resync and test a Software Token.
The use of HSM modules in OpenOTP is 100% transparent and the move to hardware cryptography can be done at any time without impacting your business. RCDevs WebADM server supports up to 8 HSM modules in hot-plug mode for fault-tolerance and increased performance.
- Supports OATH Event-based (HOTP), Time-based (TOTP) and Challenge-Response (OCRA) One-time Password standards.
- Supports FIDO Universal Second Factor (U2F).
- Includes PSKC Hardware Tokens (Vasco, Feitian...) key import system.
- Includes Hardware Token simple registration via serial number with WebADM Tokens Inventory.
- Software Token simple registration via QRCode scanning with Google Authenticator.
- Supports Mobile-OTP Software Tokens with PIN Code.
- Supports Yubikeys from Yubico.
- Supports SMS, Mail and Secure Mail One-time Password (on-demand & prefetched).
- SOAP/XML & JSON API (with WSDL service description) over HTTP/HTTPS.
- RADIUS API for VPNs and RADIUS-compatible devices (See OpenOTP Radius Bridge).
- OpenID API for OpenID-enabled websites (See OpenID Provider).
- Domain support with mappings to LDAP subtrees, LDAP groups or dedicated directories.
- Trust Domains allowing authentication to be securely relayed to another trusted OpenOTP server.
- Per-client application policies (group-based access control & authentication policy).
- Supports multiple LDAP datasources (at the same time).
- Supports hardware security modules with Yubico YubiHSM.
- No replication/import/synchronization of LDAP users. Our solutions use your LDAP users and groups.
- OpenOTP settings (security policies and Token types) can be adjusted per users or groups in LDAP.
- Built-in replay attack protection for Time-based Tokens.
- Many configurations available, adjustable per server/domain/group/user/client.
- Support for both LDAP direct and indirect (Active Directory) groups.
- Sensitive user data (such as Token keys) are encrypted in LDAP with AES-256.
- Geolocalization of user accesses with Google map reporting.
- SMSOTP supports Clickatell, AQL, OVH, Mpulse SMS gateways (with SMSHub).
- SMSOTP supports any SMPP-TR SMS gateways (with SMSHub).
- Per user location policies (IP address geolocalisation).
- Possibility to add any other HTTP or SOAP-based SMS Gateways (with SMSHub).
- OTP fallback mechanisms for SMS and Mail OTP (works with SMSC or mobile delivery failures).
- Emergency OTP (auto-expirable password with configurable life-time).
- PIN-protected OTPs (variable length and format).
- Includes high availability SMS gateway (SMSHub) for failover, load-balancing and custom SMSCs.
- User session locking and duplicate session protection (for clustered configurations).
- Customizable end-user messages for emails, SMS, SOAP, RADIUS messages.
- Full multilingual support for end-user messages with Unicode and UTF-8 (per-user language support).
- Comprehensive logging and accounting in SQL (accessible from the powerful WebADM Log Viewer).
- Configurable user blocking timers and blocking policies for authentication failures.
- Uses WebADM network Session Manager with AES-256 encrypted user sessions.
- Designed for scalability (supports failover and load-balancing).
- Easy installation, update and configuration in RCDevs WebADM.
- Mail and SQL system alerts.
- True random code generator.