Documents in Administration

How to Configure RCDevs License Server

1. Introduction In this short How-To, we will explain how to configure RCDevs License Server. The license server is now the default RCDevs model for licensing. This documentation is addressed to every new customer who is subscribing for an enterprise license. For others, the license server can be used with at least WebADM 1.6.8-2. IMPORTANT NOTE Once the license server is configured with WebADM, a license cache is available for 10 days.

User Activation

How To Activate Users An activated user is a user which is counted in the license and which is able to authenticate with OpenOTP. There are several ways to activate users. 1. Activate One User Graphically In WebADM, we select the user in the LDAP tree and click on Activate Now!: Then, we complete all mandatory attributes and click on Proceed: We click on Extend Object: Now, the user is activated.


Test Double Authentication with a User 1. User Activation Once WebADM is installed and configured, we can connect to it with a web browser. We select the user to activate in the LDAP tree on the left, for example, Admin, or we create a new user by clicking on Create. Once the user is selected, we click on Activate Now!: If present, we fill mandatory attributes and Proceed: We click on Extend Object:


1. Overview This documentation will explain policies configurable for Web Services and Web Applications under WebADM admin GUI. WebADM provides different kinds of policies : default application configuration (weight 1), per-group (weight 2), per-user (weight 3), per-application (weight 4-6). Settings with the highest weight override settings with the lowest weight. (e.g. for OpenOTP: My default OpenOTP settings require a LoginMode=LDAP only but the user who is trying to log in has a policy configured on his account with the LoginMode=LDAP+OTP.

Hardware Token Import

Inventory For The Hardware Tokens For each purchase of hardware tokens from RCDevs, RCDevs provide an Inventory file encrypted that contains the tokens seeds. Only your server can decrypt this file: it works with the license. The Inventory for the hardware tokens in WebADM/OpenOTP allows: to review the token stock to register a token very easily with the serial number only for the RC200, RC300 & RC400 hardware tokens pressing a Yubikey to save time when importing a large number of tokens.

How to use your Yubikey with RCDevs

1. Overview In this How-To, we will demonstrate how to reprogram your Yubikey with the Yubikey Personalization Tool, to generate an inventory file through Yubico tool to import the Yubikey in WebADM inventory and how to assign and use your Yubikey with OpenOTP. For this recipe, you will need to have WebADM and OpenOTP installed and configured. Please, refer to WebADM Installation Guide and WebADM Manual. 2. Yubico Personalization Tool Once Yubico Personalization Tool is installed, open it.

Plivo SMS Gateway & WebADM

1. Set up an Account on Plivo Sign up for an account. Add the credit to the account (however, you should get some initial free credit when signing up). From the Dashboard go to API Platform and copy the AuthID and the AuthToken. 2. Configure WebADM: Login to WebADM. Go to Applications —> MFA Authentication Server. Configure the section SMS OTP. SMS Message Type ==> Normal (We advise testing using Normal first).

FIDO2 and Passkeys authentication with OpenOTP

1. Overview OpenOTP supports FIDO2 standard from the FIDO Alliance for user authentication and Passkeys provided by Google or Apple. If you intend to use OpenOTP with FIDO2 or Passkeys, please read this document which explains how to enable and use it with your integrations. 1.1 FIDO2 FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).

WebADM Administrator Guide

1. Product Documentation This document is a configuration guide for RCDevs WebADM. The reader should notice that this document is not a guide for configuring WebADM applications (Web Services and WebApps). Specific application guides are available through the RCDevs online documentation library. WebADM installation and setup is not covered by this guide and is documented in the RCDevs WebADM Installation Guide. 2. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as domain users and groups.

Utilities and Command Line Tools for WebADM

1. Introduction In this How-To, we will demonstrate some useful scripts available for WebADM and how to use them. 2. WebADM Utilities and Scripts Some scripts are available in: [root@webadm]# cd /opt/webadm/bin/ [root@webadm bin]# ll total 152 -rwxr-xr-x 1 root root 1809 11 oct. 15:35 backup -rwxr-xr-x 1 root root 6807 11 oct. 15:35 dbprune -rwxr-xr-x 1 root root 11215 11 oct. 15:35 encrypt -rwxr-xr-x 1 root root 10837 11 oct.

Migrate from a third party 2FA software to OpenOTP

1. Overview In this how-to, we will demonstrate how to easily migrate from a third party 2FA software to OpenOTP. In this documentation, we assume that you are already running WebADM, OpenOTP and Radius Bridge. To understand what will be done here, we will describe the steps: Have a WebADM, OpenOTP and Radius Bridge installed and configured, Activate every user who will require 2FA authentication at the WebADM level, Import your third-party hardware Tokens into WebADM.

Utilities and Command Line Tools for OpenOTP

1. Introduction In this HowTo, we will demonstrate some useful scripts available for OpenOTP and how to use them. 2. OpenOTP Utilities and Scripts Some scripts are available in: [root@webadm]# cd /opt/webadm/websrvs/openotp/bin [root@webadm bin]# ll total 112 -rwxr-xr-x 1 root root 18882 Oct 12 16:58 authtest -rwxr-xr-x 1 root root 5858 Oct 12 16:58 pkitest -rwxr-xr-x 1 root root 13090 Oct 12 16:58 pskc2inv -rwxr-xr-x 1 root root 37362 Oct 12 16:58 report -rwxr-xr-x 1 root root 9026 Oct 12 16:58 safenet2inv -rwxr-xr-x 1 root root 3698 Oct 12 16:58 status -rwxr-xr-x 1 root root 11954 Oct 12 16:58 yubi2inv 3.


1. Overview Generally, WebADM is configured to connect with a remote AD/LDAP domain for two reasons: For an admin to be able to browse (and optionally modify) remote domain contents such as user objects via a web browser (and optionally delegate that work to sub-administrators). To act as a gateway to allow the OpenOTP server to read and use remote user data for authentication purposes (i.e. fetch user mobile phone number from AD account).

RCDevs Cloud Services

1. Overview This document provides the necessary information for configuring RCDevs Cloud services on WebADM v2.x. This document is not applicable for WebADM 1.x versions. What is RCDevs Cloud Services ? RCDevs Cloud Services are hosted by RCDevs Security SA, providing additional capabilities for RCDevs enterprise solutions, examples of cloud based functionality are: Push services, Document Sealing and Timestamping (eiDas), SMS Service, Cloud licensing, External PKI for RCDevs’ licensees. The connection from the local WebADM server to the RCDevs Cloud is based on HTTP2 protocol, and can be transported through a proxy server between WebADM servers and RCDevs Cloud infrastructure.

Syslog and WebADM

1. Overview This HowTo describes how to configure WebADM to send logs to the local syslog and optionally after to a remote syslog (rsyslog) server. Procedure may change according to the operating system, this configuration has been tested with CentOS Stream and RHEL OS. Please, refer to Rsyslog documentation for more information. 2. Configuration 2.1 WebADM configuration On WebADM side, you need to edit the following configuration file : /opt/webadm/conf/webadm.conf Then you have to configure/enable the following settings:

Trusted Certificate

1. How to Use my Own Trusted Certificate in WebADM During installation, WebADM generates its own certificate authority certificate and server SSL certificates. Yet, you can use your own SSL certificates instead of the pre-generated ones. Using a trusted certificate may be required when you use the RCDevs OpenID IDP, and to avoid user browser warnings when accessing the WebApps. Just create the SSL certificate and key files in /opt/webadm/pki/custom.crt and /opt/webadm/pki/custom.

Mobile Badging

1. Overview This document demonstrates how to set up and use the mobile badging feature of OpenOTP. To enable that feature in your WebADM infrastructure you must meet the following requirements : Push mechanisms configured with your WebADM infrastructure, Minimal version of WebADM is 2.1.16, Minimal Version of OpenOTP is 2.1.6, Minimal version of OpenOTP Token application is 1.5.16, Mobile Badging and Remote Reporting option part of your freeware, enterprise or trial license.

Voice Registration

1. Overview In this article, we will demonstrate how to record a voice to enable 2FA using voice biometrics. To use Voice Biometrics, it is necessary WebADM 2.0.* and OpenOTP mobile application version 1.4.11 or higher for Android and version 1.4.13 or higher for iOS. 2. Voice Biometric Registration In order to record a voice biometric to a user, log in on the WebADM admin GUI, in the left LDAP tree, click on the user account that you want to register a voice.

Token Registration

1. Overview In this how-to, we will demonstrate the possible ways to enroll a hardware token or a software token on your mobile. For software token registration, you must have a token application installed on your phone like OpenOTP Token or Google Authenticator. OpenOTP Token is the recommended one to enjoy all features offered by OpenOTP server (like push login, phishing protection…). 2. Admin Enrollment through the WebADM Admin GUI A token enrollment can be done by a super_admin or other_admin user through the WebADM admin GUI.

Message Templates

1. Overview This guide will reveal where to look for the message templates, how-to modify the English message templates and how-to add another language. 2. Message Templates 2.1 OpenOTP Log into the WebADM GUI, under Applications, choose OpenOTP and click on CONFIGURE. Under MAIL OTP, one can change the default Email Subject. Scroll down to Message Templates to find the other message templates for OpenOTP. Here the English message templates can be modified.

Seeds file conversion

1. Overview In this how-to, we will demonstrate the possible ways to convert token seed files from different formats into WebADM inventory format, allowing you to use third-party hardware tokens with RCDevs security solutions. We will also demonstrate how to re-use software tokens already registered on end-users devices with RCDevs solutions. 2. Seeds Files Format supported by WebADM 2.1 Un-encrypted Inventory This is the format of an unencrypted RCDevs inventory file which can be imported in WebADM without any conversion: