Draft:OpenOTP Security Suite

OpenOTP Security Suite[1] is a Linux-based authentication solution that provides Multi-Factor Authentication (MFA), Identity and Access Management (IAM), PKI and Federation capabilities. It is managed through a web platform called WebADM. It is OATH certified.[2]

It is developed by RCDevs Security, headquartered in Luxembourg.

This IAM-MFA solution[3] stands out because it is deployed on premises, whereas most competitors offer cloud solutions only. OpenOTP provides interfaces including SOAP, REST, JSON-RPC and RADIUS. The native SOAP API is provided with a WSDL service description file.

Key Features

  • Full MFA, IAM & Federation:

Strengthens network access security with multi-factor authentication. Manages user identities and access controls. Enables federation for integrations with other systems.

  • Deployment:

OpenOTP Security Suite is available for installation on Linux and RedHat/Debian systems. RCDevs offers three repositories with different levels of stability for package updates.

  • Centralized Management:

Provides a central point for managing network access and users through the WebADM platform.

  • High Availability:

Includes 2 active/active servers for handling high traffic and upgrades. Additional servers can be purchased.

  • Broad Authentication Support:

Compatible with FIDO2 security keys, OATH software and hardware tokens, passkeys, PKI and more.

  • Official Mobile App:

OpenOTP Token App is a free app available on iOS and Google Play. Just like other software tokens, it can be used to manage all authentication tokens from various platforms.

Features are:

  • Push notifications for login approvals
  • Biometric authentication for secure access
  • Anti-phishing alerts to protect against scams
  • Geo-mapping protection for added security
  • Mobile Badging
  • Presence-based logical access with AD Account self lock-out system

Integrations, bridges, plugins & solutions

  • IAM
  • VPN & SSL VPN Access
  • MFA for Windows Login (Online and Offline)
  • MFA for Remote Desktop Services
  • MFA for Cloud Applications (SAML2, OpenID Connect, OAuth)
  • MFA for legacy Applications (through LDAP)
  • Single Sign-On (with OpenOTP Identity Provider)
  • Full PKI (Public Key Infrastructure)
  • Network Access Control (NAC) for WiFi & office switches
  • Zero Trust
  • Conditional & Contextual Access options
  • Per Application Access Policies
  • Per User & Group Access Policies
  • Blocking Policies
  • Extended Policies per Network and Geolocation
  • Risk-based Access Policies
  • PAM
  • OATH TOTP/HOTP Hardware Token Authentication
  • OATH TOTP/HOTP Software Token Authentication
  • OCRA Authentication
  • Mobile Push Authentication (OpenOTP Token App)
  • Mobile Badging (OpenOTP Token App) & Badging IAM Policies
  • Automatic Token Resynchronization
  • Yubikey[4] Authentication
  • SMS & Email & Secure Mail Authentication
  • FIDO2 Authentication
  • Google Passkey[5] Authentication
  • Apple PassKey[6] Authentication
  • Printed OTP Authentication
  • Biometric Mobile Token
  • Fallback OTP Methods
  • Multi-Domain
  • Multiple Tokens Per User
  • Secure Mobile Token Enrollment
  • OTP via RADIUS (RADIUS Bridge)
  • OTP via LDAP (LDAP Bridge)
  • Challenge-Based and Concatenated OTP
  • LDAP User & Group Management
  • LDAP Backend Overload Protection
  • Presence-based Logical Access
  • Agreement-based Logical Access
  • Step-Up / Step-Down Policies
  • Intelligent Geo-Fencing
  • Phishing Protection (OpenOTP Token App)
  • Botnet & public VPN detection
  • Replay Attack Protection
  • Denial of Service Protection
  • Native Support of Active Directory
  • Audit Database with User Geolocation
  • Integrated PKI
  • Self Service Desk
  • Self Enrollment via Link in Email
  • Secure Password Reset
  • Leaked Password Protection
  • SAML Federation Services
  • OpenID-Connect Federation Services
  • OAuth2 Federation Services
  • ADFS Plugin
  • Windows Login Plugin
  • Windows eSignature Plugin (QuickSign)
  • WiFi Authentication
  • Ethernet Authentication
  • RPC-Based Management API
  • Helpdesk Application (Delegated Management)
  • Prioritized Mobile Push Service
  • Hardware Encryption (HSM)
  • High Availability Connectors
  • Active-Active Clustering
  • SIEM Server Integration
  • SLA and Support Services (Optional)
  • PSD2-Compliant Transaction Signing
  • eSignature with Mobile Push and QRCodes
  • Synchronous and Asynchronous Signing APIs
  • eSignature of Terms & Conditions
  • eSignature of User Forms
  • Handwritten eSignature with Initials

References

  1. ^ "Secure Your Systems with OpenOTP IAM-MFA Solutions - RCDevs Security".
  2. ^ "OATH Certified Products | OATH - initiative for open authentication". May 28, 2013. Archived from the original on May 28, 2013. Retrieved May 24, 2024.
  3. ^ "La cybersécurité, une question de survie". paperjam.lu.
  4. ^ "RCDevs OpenOTP".
  5. ^ "Create a passkey for your Google Account". www.google.com.
  6. ^ "Use passkeys to sign in to apps and websites on iPhone". Apple Support.