Draft:OpenOTP Security Suite

OpenOTP Security Suite is a Linux-based authentication solution that provides Multi-Factor Authentication (MFA), Identity and Access Management (IAM), PKI and Federation capabilities. It is managed through a web platform called WebADM. It is OATH certified.

It is developed by RCDevs Security, headquartered in Luxembourg.

This IAM-MFA solution stands out because it is deployed on-premises when most competitors offer cloud solutions only. OpenOTP provides interfaces including SOAP, REST, JSON-RPC and RADIUS. The native SOAP API is provided with a WSDL service description file.

Key Features
 * Full MFA, IAM & Federation: Strengthens network access security with multi-factor authentication. Manages user identities and access controls. Enables federation for integrations with other systems.
 * Deployment: OpenOTP Security Suite is available for installation on Linux and RedHat/Debian systems. They offer three repositories with different levels of stability for package updates.
 * Centralized Management: Provides a central point for managing network access and users through the WebADM platform.
 * High Availability: Includes 2 active/active servers for handling high traffic and upgrades. Additional servers can be purchased.
 * Broad Authentication Support: Compatible with FIDO2 security keys, OATH software and hardware tokens, passkeys, PKI and more.
 * Official Mobile App: OpenOTP Token App is a free app available on iOS and Google Play. Just like other software tokens, it can be used to manage all authentication tokens from various platforms.

Features are:
 * Push notifications for login approvals
 * Biometric authentication for secure access
 * Anti-phishing alerts to protect against scams
 * Geo-mapping protection for added security
 * Mobile Badging
 * Presence-based logical access with AD Account self lock-out system

Integrations, bridges, plugins & solutions

 * IAM
 * VPN & SSL VPN Access
 * MFA for Windows Login (Online and Offline)
 * MFA for Remote Desktop Services
 * MFA for Cloud Applications (SAML2, OpenID Connect, OAuth)
 * MFA for legacy Applications (through LDAP)
 * Single Sign-On (with OpenOTP Identity Provider)
 * Full PKI (Public Key Infrastructure)
 * Network Access Control (NAC) for WiFi & office switches
 * Zero Trust
 * Conditional & Contextual Access options
 * Per Application Access Policies
 * Per User & Group Access Policies
 * Blocking Policies
 * Extended Policies per Network and Geolocation
 * Risk-based Access Policies
 * PAM
 * OATH TOTP/HOTP Hardware Token Authentication
 * OATH TOTP/HOTP Software Token Authentication
 * OCRA Authentication
 * Mobile Push Authentication (OpenOTP Token App)
 * Mobile Badging (OpenOTP Token App) & Badging IAM Policies
 * Automatic Token Resynchronization
 * YubiKey Authentication
 * SMS & Email & Secure Mail Authentication
 * FIDO2 Authentication
 * Google Passkey Authentication
 * Apple Passkey Authentication
 * Printed OTP Authentication
 * Biometric Mobile Token
 * Fallback OTP Methods
 * Multi-Domain
 * Multiple Tokens Per User
 * Secure Mobile Token Enrollment
 * OTP via RADIUS (RADIUS Bridge)
 * OTP via LDAP (LDAP Bridge)
 * Challenge-Based and Concatenated OTP
 * LDAP User & Group Management
 * LDAP Backend Overload Protection
 * Presence-based Logical Access
 * Agreement-based Logical Access
 * Step-Up / Step-Down Policies
 * Intelligent Geo-Fencing
 * Phishing Protection (OpenOTP Token App)
 * Botnet & public VPN detection
 * Replay Attack Protection
 * Denial of Service Protection
 * Native Support of Active Directory
 * Audit Database with User Geolocation
 * Integrated PKI
 * Self Service Desk
 * Self Enrollment via Link in Email
 * Secure Password Reset
 * Leaked Password Protection
 * SAML Federation Services
 * OpenID-Connect Federation Services
 * OAuth2 Federation Services
 * ADFS Plugin
 * Windows Login Plugin
 * Windows eSignature Plugin (QuickSign)
 * WiFi Authentication
 * Ethernet Authentication
 * RPC-Based Management API
 * Helpdesk Application (Delegated Management)
 * Prioritized Mobile Push Service
 * Hardware Encryption (HSM)
 * High Availability Connectors
 * Active-Active Clustering
 * SIEM Server Integration
 * SLA and Support Services (Optional)
 * PSD2-Compliant Transaction Signing
 * eSignature with Mobile Push and QR Codes
 * Synchronous and Asynchronous Signing APIs
 * eSignature of Terms & Conditions
 * eSignature of User Forms
 * Handwritten eSignature with Initials