LinOTP Features

LinOTP is an enterprise level solution for strong authentication, developed and maintained by LSE Leading Security Experts GmbH, scaling from small individual installations through middle sized company scenarios to Cloud-Provider requirements.

This is possible through the modularity of LinOTP. Around a server core with defined interfaces there are module families making it easy to integrate LinOTP in your current and future IT scenarios.

When your needs grow from a few users to a several thousand users and more, LinOTP can grow with your needs and adapt to the changes in your IT environment.

LinOTP is not only able to scale through modularity, but is also future proof. Integrating a new user storage or token is always possible without changing the Core.

The LinOTP Server

  • OATH certified authentication and token handling,
  • an extensive Policy Framework allowing detailed definitions of administrative roles, authentication rules, token properties and more,
  • support for various database backends:
    • MySQL,
    • Postgresql,
    • SQLite,
    • Oracle,
    • IBM DB2,
  • APIs for
    • management,
    • validation and authentication,
    • self service,
    • user ID resolver
    • audit log
    • and more

    The LinOTP API gives your applications full access to all capabilities of LinOTP. You can completely manage and use LinOTP using the API and write your own tools to integrate LinOTP in your own workflows.

  • PKCS11/HSM support for Hardware Security Modules like the SafeNet Luna SA

User ID Resolver

The LinOTP UserIDResolvers are the connection to your user store. The UserIDResolvers only need read access.

Currently LinOTP supports:

  • Users stored in LDAP. This allows LinOTP to connect to:
    • Microsoft Active Directory (via LDAP or LDAPS, only read access needed, no schema extension),
    • OpenLDAP,
    • 389 Server,
    • Novell eDirectory,
    • any LDAP interface adhering to the protocol standards.
  • Users stored in SQL databases
    • MySQL
    • Postgresql
    • SQLite
    • Oracle
    • IBM DB2
    • MS-SQL is possible with additional OSS libraries.

Supported Token

All OATH compliant tokens are supported by LinOTP.

In addition LinOTP supports mOTP and allows, in partnership with the token vendors, to integrate some proprietary token algorithms.

LinOTP provides some special tokens allowing for

  • soft migrations from closed platforms,
  • multiple users for one token,
  • daily changing logins,
  • LinOTP servers in different VLANs with a central management server
and many other scenarios.

  • Import of PSKC, CSV, Vasco DPX, Safenet XML and DAT and Feitian XML files
  • Programmable tokens (Yubikey, SafeNet eToken Pass, Safenet eToken NG) can be initialized by LinOTP in conjunction with our native Management Clients for Windows and Linux.
  • The command line management interface allows a mass enrollment of all programmable tokens.

Hardware Token

  • Yubico Yubikey in OATH mode
  • Yubico Yubikey authentication against Yubico Cloud service
  • Yubico Yubikey in AES mode
  • Feitian C-100 (HOTP)
  • Feitian C-200 (TOTP)
  • Feitian C-300 (OCRA)
  • Feitian c601 (optical OCRA)
  • SmartDisplayer
  • SafeNet eToken Pass
  • SafeNet eToken NG OTP
  • SafeNet Safeword Alpine
  • Vasco Digipass Go (OATH)
  • NagraID 106/103
  • NagraID 306 (OCRA)

Software Token

  • LSE QR-TAN Token
  • SMS token
    • by integrating an SMS Device,
    • by connecting to an HTTP Gateway or SMS Provide (supporting Proxys and HTTPS),
    • by connecting to a SMTP Gateway or SMS Provider
  • E-Mail Token by connecting to an SMTP Server,
  • OATH or motp compliant mobile applications:
    • FreeOTP
    • Google Authenticator
    • DroidOTP
    • ...

Special Token

  • LSE Remote Token
  • LSE Radius Token
  • LSE Simple Pass token
  • LSE Tagespasswort Token
  • Lost token
  • Paper token

Audit Log

  • SQL Audit module to meet PCI-DSS requirements
  • Management GUI

    • management via web interface or command line client
    • management via native client (GTK)
    • Selfservice
    • Management functions:
      • enroll/assign tokens
      • synchronize, resynchronize, automatic resychronization
      • activate/deactivate/delete tokens
      • autoassignment
      • lost token scenario
      • find token by OTP value
      • get OTP value

    LSE LinOTP Smart Virtual Appliance

    The LSE LinOTP Smart Virtual Appliance offers the full functionality of LinOTP as an up to date solution out of the box. It is part of the LSE Enterprise Support solutions.

    LinOTP Enterprise support

    • Documentation
    • Maintenance and support
    • Virtual Appliance
    • Hardware Appliance