Token2 TOTPRadius Virtual appliance



A simple and cost-effective way to provide a secure, policy-compliant and user-friendly on-premises two-factor authentication solution with self-enrollment.

Token2 TOTPRadius provides a RADIUS (RFC 2865) interface for TOTP (RFC 6238) based authentication. With TOTPRadius you can integrate a large variety of third-party products and systems with multi-factor authentication. A number of enterprise products and services like VPNs, Citrix XenApp/XenDesktop, VMWare View and many others support RADIUS servers for validating the second factor of user authentication.

Additionally, the TOTPRadius appliance provides a RESTful API for second-factor authentication and enrolment (including self-service enrolment where possible). This allows implementing fully on-premises, secure and user-friendly two-factor authentication supporting the RADIUS and LDAP protocols together with an HTTP API on one appliance. TOTPRadius does not send or download any data from the internet and can function in complete isolation from the public internet.

TOTPRadius supports OTP-only authentication based on the RFC 6238 algorithm (TOTP: Time-Based One-Time Password Algorithm), local password + OTP combined authentication, and LDAP + OTP combined authentication. It provides a web-based administration panel and an HTTPS REST-based API service designed to enable users' self-enrollment.

Self-enrollment using RESTful API

The main advantage of TOTPRadius is the RESTful API that allows users to self-enrol with their software tokens such as Google Authenticator and Token2 Mobile OTP. An example of such an integration is a self-enrollment mechanism with Citrix Netscaler/StoreFront. The integration can be done by installing our StoreFront integration package and adding a new RADIUS authentication server on the Netscaler. It usually takes no more than five minutes to implement. Refer to the Citrix integration manual for more details.




Self-enrollment using LDAP Enroll web interface

You can configure TOTPRadius to allow users to log in without a second factor (e.g. using the AD password only) for the first time and then navigate to the TOTPRadius LDAP Enroll web interface (accessible only within your local network or VPN), where they can enrol the second factor independently. Administrators can also allow users to modify (re-enrol) their second factor via the LDAP Enroll web interface.



LDAP Proxy

The principle behind LDAP Proxy mode is that users provide their AD or LDAP password together with the one-time password in the password field. TOTPRadius parses the submitted value, splits it into two parts and authenticates the OTP; only if the OTP is correct does it send the AD/LDAP password part on to the configured AD/LDAP server. The order of authentication is exactly as stated above: the OTP is checked first, and AD is checked only after the OTP is confirmed correct. This is done in order to prevent account lockouts during brute force attacks. Enabling LDAP Proxy on your TOTPRadius appliance allows implementing two-factor authentication for systems that do not natively support it, such as Cisco Meraki VPN, Cisco WLC and many others.
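
An added sketch of the OTP-first ordering described above (example code written for this page, not Token2's implementation). It assumes a 6-digit RFC 6238 code appended to the password and a one-step drift window, neither of which the page specifies, and uses a constructed in-memory directory in place of AD/LDAP.

```python
import hashlib
import hmac
import struct

OTP_DIGITS = 6  # assumption: 6-digit code appended after the password

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = OTP_DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA-1) for the time step containing unix_time."""
    counter = struct.pack(">Q", max(0, unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otp_ok(secret: bytes, otp: str, unix_time: int, drift_steps: int = 1, step: int = 30) -> bool:
    """Accept the current step and +/- drift_steps, compared in constant time."""
    ok = False
    for d in range(-drift_steps, drift_steps + 1):
        ok |= hmac.compare_digest(totp(secret, unix_time + d * step, step), otp)
    return ok

def ldap_proxy_auth(user, combined, unix_time, secrets, ldap_bind) -> bool:
    """Split 'password+OTP', check the OTP first, forward the password only if it passes."""
    password, otp = combined[:-OTP_DIGITS], combined[-OTP_DIGITS:]
    secret = secrets.get(user)
    if not (secret and password and otp.isascii() and otp.isdigit()):
        return False
    if not otp_ok(secret, otp, unix_time):
        return False  # the directory never sees this attempt, so no lockout counter moves
    return ldap_bind(user, password)

class FakeDirectory:
    """Constructed stand-in for AD/LDAP that counts failed binds like a lockout policy."""
    def __init__(self, passwords):
        self.passwords, self.failed = passwords, {}

    def bind(self, user, password):
        ok = hmac.compare_digest(self.passwords.get(user, "").encode(), password.encode())
        if not ok:
            self.failed[user] = self.failed.get(user, 0) + 1
        return ok

def demo():
    secrets = {"alice": b"12345678901234567890"}  # RFC 6238 test secret, constructed user
    ad = FakeDirectory({"alice": "pässwörd"})     # non-ASCII password splits correctly
    attempts = ["pässwörd000000", "pässwörd123456", "pässwörd287082", "wrong287082"]
    results = [ldap_proxy_auth("alice", a, 59, secrets, ad.bind) for a in attempts]
    return results, ad.failed

if __name__ == "__main__":
    print(demo())
```

Only the attempt with a valid OTP and a wrong password reaches the directory and increments its failed-bind counter; wrong-OTP guesses are rejected before any bind.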



High availability and hardware token management

Starting from version 0.2.2, TOTPRadius appliances can be configured in high availability mode. Appliances in slave mode contain only a read-only database and periodically synchronize with their master appliance via the HTTPS REST API.
Starting from version 0.2.4, TOTPRadius has a built-in management interface for hardware tokens. The hardware management tool allows adding and importing hardware token data, verifying and adjusting time drift using the virtual TOTP emulator, and assigning a hardware token to any user with a couple of clicks.


Download & install

TOTPRadius is deployed as a software-based virtual appliance that runs on two hypervisors: VMWare ESXi and Microsoft Hyper-V. Upon request, virtual appliances for other hypervisors can be provided. It is free to use with up to 5 users. You need to obtain a license to increase the number of allowed users. You can download the appliance using one of the links below:

VMware image: OVA file (zip archive), 1.6 GB
Hyper-V image: Exported guest (zip archive), 1.6 GB




Changelog
[0.2.4 RC1] Hardware token management and assignment feature added
[0.2.4 RC1] Non-ASCII Password allowed in LDAP Proxy mode
[0.2.4 RC1] Support for L10N of LDAP Enrollment page (EN and DE provided)
[0.2.4 RC1] Moved to Ubuntu 20 LTS 


The installation and configuration are described in the documentation section (currently under development). The latest version of TOTPRadius is 0.2.4-RC1. Information about previous versions is available here: v0.1, v0.2, v0.2.1, v0.2.2, v0.2.3



Purchase

It is free to use with up to 5 users. You need to obtain a license using the link below if you need to increase the number of allowed users. After completing the purchase you will receive an email containing the order URL. To generate the TOTPRadius user licenses, click on the "generate CAL" button on the order page and provide the Host ID. The license key will be generated and sent to your email address.

purchase TOTPRadius client licenses



Integration guides


Citrix Netscaler & StoreFront
Full integration, including a built-in self-service user enrollment integration package for StoreFront based on the RESTful API.


Cisco Meraki MX
Enabling two-factor authentication for Meraki Client VPN. Self-enrollment is possible via LDAP Enroll web interface.


Cisco ASA
This guide will document how to configure 2-factor authentication on a Cisco ASA, using Microsoft Active Directory as the first factor and TOTPRadius Server as the second.


Fortigate VPN
RADIUS authentication source without built-in self-enrollment feature. Self-enrollment is possible via LDAP Enroll web interface.


Microsoft ADFS
Using Token2 TOTPRadius ADFS Authentication Provider with ADFS Server



VMWare Horizon View
How to Set Up 2-Factor Authentication in VMware Horizon View with TOTPRadius

Large Volume Orders
For large orders, Token2 offers volume discounts. If you are interested in larger volume orders, please contact us and we will get back with a quote immediately.