LinOTP is an enterprise-level solution for strong authentication, developed and maintained by KeyIdentity GmbH, scaling from small individual installations through mid-sized company scenarios to cloud-provider requirements.
This is possible through the modularity of LinOTP. Around a server core with defined interfaces there are module families making it easy to integrate LinOTP in your current and future IT scenarios.
When your needs grow from a few users to several thousand users and more, LinOTP can grow with your needs and adapt to the changes in your IT environment.
LinOTP is not only able to scale through modularity, but is also future-proof. Integrating a new user storage or token is always possible without changing the core.
The LinOTP Server
- OATH certified authentication and token handling,
- an extensive Policy Framework allowing detailed definitions of administrative roles, authentication rules, token properties and more,
- support for various database backends:
  - IBM DB2,
- APIs for
  - validation and authentication,
  - self service,
  - user ID resolver,
  - audit log,
  - and more
The LinOTP API gives your applications full access to all capabilities of LinOTP. You can completely manage and use LinOTP using the API and write your own tools to integrate LinOTP in your own workflows.
- PKCS11/HSM support for Hardware Security Modules like the SafeNet Luna SA
User ID Resolver
The LinOTP UserIDResolvers are the connection to your user store. The UserIDResolvers only need read access.
Currently LinOTP supports:
- Users stored in LDAP. This allows LinOTP to connect to:
  - Microsoft Active Directory (via LDAP or LDAPS, only read access needed, no schema extension),
  - 389 Server,
  - Novell eDirectory,
  - any LDAP interface adhering to the protocol standards.
- Users stored in SQL databases
  - IBM DB2
  - MS-SQL is possible with additional OSS libraries.
All OATH compliant tokens are supported by LinOTP.
In addition, LinOTP supports mOTP and, in partnership with the token vendors, allows some proprietary token algorithms to be integrated.
LinOTP provides some special tokens allowing for
- soft migrations from closed platforms,
- multiple users for one token,
- daily changing logins,
- LinOTP servers in different VLANs with a central management server
- Import of PSKC, CSV, Vasco DPX, Safenet XML and DAT and Feitian XML files
- Programmable tokens (Yubikey, SafeNet eToken Pass, Safenet eToken NG) can be initialized by LinOTP in conjunction with our native Management Clients for Windows and Linux.
- The command line management interface allows a mass enrollment of all programmable tokens.
- Yubico Yubikey in OATH mode
- Yubico Yubikey authentication against Yubico Cloud service
- Yubico Yubikey in AES mode
- Feitian C-100 (HOTP)
- Feitian C-200 (TOTP)
- Feitian C-300 (OCRA)
- Feitian c601 (optical OCRA)
- SafeNet eToken Pass
- SafeNet eToken NG OTP
- SafeNet Safeword Alpine
- Vasco Digipass Go (OATH)
- NagraID 106/103
- NagraID 306 (OCRA)
- KeyIdentity QR-TAN Token
- SMS token
  - by integrating an SMS Device,
  - by connecting to an HTTP Gateway or SMS Provider (supporting proxies and HTTPS),
  - by connecting to an SMTP Gateway or SMS Provider
- E-Mail Token by connecting to an SMTP Server,
- OATH or mOTP compliant mobile applications:
  - Google Authenticator
- KeyIdentity Remote Token
- KeyIdentity Radius Token
- KeyIdentity Simple Pass token
- KeyIdentity Tagespasswort Token
- Lost token
- Paper token
- management via web interface or command line client
- management via native client (GTK)
- Management functions:
  - enroll/assign tokens
  - synchronize, resynchronize, automatic resynchronization
  - activate/deactivate/delete tokens
  - lost token scenario
  - find token by OTP value
  - get OTP value
KeyIdentity Smart Virtual Appliance
The KeyIdentity Smart Virtual Appliance offers the full functionality of LinOTP as an up-to-date solution out of the box. It is part of the KeyIdentity Enterprise Support solutions.
LinOTP Enterprise support
- Maintenance and support
- Virtual Appliance
- Hardware Appliance