Home / Products / Openotp
OpenOTP Authentication Server
The OpenOTP solution is composed of several components including WebADM
OpenOTP SOAP/XML/JSON Web service, OpenOTP Radius Bridge
, the User Self-service Desk and Self-Enrollment
end-user Web Applications.
OpenOTP provides an unbeatable combination of cost-efficiency, security and easy
of use to corporate and Web application access.
|Supported Mobile Devices (Software Tokens)|| |
| OpenOTP supports multiple One-Time Password standards (OATH HOTP/TOTP/OCRA, Mobile-OTP, YubiKey, SMSOTP or MailOTP).
Software Tokens are provided by various publishers for any mobile platform such as:|
|Java Phones (J2ME)
||Windows Mobile, Blackberry, Palm
||Apple iPhone, iPad
Click here for a list of compatible Free Software Tokens from various publishers.
|Certified Hardware Tokens|| |
| OpenOTP supports a large variety of OATH Hardware Tokens from many Token manufacturers.|
In fact, any Token working in OATH HOTP/TOTP or OCRA mode is compatible.
Please contact us for a Hardware Token Solution.
|Where to Use OpenOTP|| |
| OpenOTP provides SOAP, XML-RPC, JSON, JSON-RPC and RADIUS interfaces. The SOAP API is provided with a WSDL service description file.
It is also very simple to implement OpenOTP One-Time Password functionalities into your existing Web applications.
Sample login pages are available in the Downloads section.|
You can use OpenOTP with:
- Web Applications (Java, PHP, ASP, .Net... integration)
- VPNs (Checkpoint, Cisco, Nortel, Juniper, F5, OpenVPN...)
- Citrix Access Gateway & Web Interface
- Microsoft ISA/TMS, Exchange, Sharepoint
- Linux PAM (SSH, FTP, OpenVPN, PPTP, POP/IMAP...)
- Windows Login (Credential Provider for Vista, 7, 8)
- Web-based Products (SugarCRM, Joomla, RoundCube...)
- OpenID-enabled Web Sites (OpenID Provider)
- SAML and Google Apps (With SimpleSAML Plugin)
- Amazon Elastic Compute Cloud (EC2)
- Any other system (Using our simple integration libraries)
|QRCode Key Provisioning|| |
||With OpenOTP QRCode key provisioning, Token self-registration has never been so easy.
No manual Token configuration or secret key input is required:
With Google Authenticator,
users register their Software Token simply by scanning a registration barcode on their iPhone or Android mobile.
With Other Software Tokens, users simply scan the displayed Token Key with a barcode reader and copy/paste it to their
Token key for registration.
|OpenOTP WebApps|| |
Software Token technology requires the end-user to download the mobile software, register the initial
Token Key on the authentication server, and sometime to resynchronize the OTP generator.|
OpenOTP includes end-user Web Applications (SelfDesk and SelfReg) for simplifying the deployment of your solution as much as possible.
SelfDesk is an end-user self-management portal to be plugged into WebADM, and published on your corporate or public network.
SelfDesk allows end-users to self-configure some personal settings, update their account information (ex. mobile number or email address),
download, register and resync their Software Tokens.
SelfReg is another WebApp where administrators can send a user email with a one-time self-registration
URL. By clicking the URL and entering his password, the user can register, resync and test a software Tokens.
|OpenOTP Trusted Domains|| |
Trusts are special Domains which do not correspond to a set of local LDAP users but a set of users on a remote OpenOTP installation.
The Trust system works like an authentication proxy for remote domains (within a trusted organization) and maps a local virtual
Domain name to a remote Domain on another WebADM server.
|Other Key Features|| |
- Supports OATH Event-based (HOTP), Time-based (TOTP) and Challenge-Response (OCRA) One-time Password standards.
- Includes PSKC Hardware Tokens (Vasco, Feitian...) key import system.
- Includes Hardware Token simple registration via serial number with WebADM Tokens Inventory.
- Software Software Token simple registration via QRCode scanning with Google Authenticator.
- Supports Mobile-OTP Software Tokens with PIN Code.
- Supports Yubikeys from Yubico.
- Supports SMS, Mail and Secure Mail One-time Password (on-demand & prefetched).
- SOAP/XML & JSON API (with WSDL service description) over HTTP/HTTPS.
- RADIUS API for VPNs and RADIUS-compatible devices (See OpenOTP Radius Bridge).
- OpenID API for OpenID-enabled websites (See OpenID Provider).
- Domain support with mappings to LDAP subtrees, LDAP groups or dedicated directories.
- Trust Domains support allowing authentication to be securely relayed to another trusted OpenOTP server.
- Per-client application policies (group-based access control & authentication policy).
- Support multiple LDAP datasources (at the same time).
- No replication/import/synchronization of your LDAP users. Our solutions use your LDAP users and groups.
- OpenOTP settings (security policies and Token types) can be adjusted per users or groups in LDAP.
- Built-in replay attack protection for Time-based Tokens.
- Many configurations available, adjustable per server/domain/group/user/client (through 100% Web interface).
- Support for both LDAP direct and indirect (Active Directory) groups.
- Sensitive user data (such as Token keys) are encrypted in LDAP with AES-256.
- Geolocalization of user accesses with Google map reporting.
- SMSOTP supports Clickatell, AQL, OVH, Mpulse SMS gateways (with SMSHub).
- SMSOTP supports any SMPP-TR SMS gateways (with SMSHub).
- Per user location policies (IP address geolocalisation).
- Possibility to add any other HTTP or SOAP-based SMS Gateways (with SMSHub).
- OTP fallback mechanisms for SMS and Mail OTP (works with SMSC or mobile delivery failures).
- Emergency OTP (auto-expirable password with configurable life-time).
- PIN-protected OTPs (variable length and format).
- Includes high availability SMS gateway (SMSHub) for failover, load-balancing and custom SMSCs.
- User sessions locking and session duplicates protection (for clustered configurations).
- Customizable end-user messages for emails, SMS, SOAP, RADIUS messages.
- Full multilingual support for all end-user messages with Unicode and UTF-8 (per-user language support).
- Comprehensive logging and accounting in SQL (accessible from the powerful WebADM Log Viewer).
- Configurable user blocking timers and blocking policies for authentication failures.
- Uses WebADM network Session Manager with AES-256 encrypted user sessions.
- Designed for scalability (supports failover and load-balancing).
- Easy installation, update and configuration in RCDevs WebADM.
- Mail and SQL system alerts.
- True random codes generator.
RCDevs recieved the Sesame Award for the best innovation Discovery and the Commendation Award at SC Awards for the Best SME Security Solution.
RCDevs is a contributor of OATH and OpenOTP is OATH-Certified since 2011.