Our MFA solution

LinOTP for the protection of digital identities

In the age of multiple digital selfs, fake news and alternative facts, ensuring that identities stay secure becomes a key factor.

LinOTP - smart & reliable

LinOTP is a flexible, innovative and versatile platform for strong MFA authentication in enterprise environments, which leverages the possibilities of open OTP (one-time-password) standards. Developed and maintained by KeyIdentity, LinOTP scales to meet the needs of small, custom installations, medium-sized businesses and also large enterprise environments.

If your user base grows from a few to several thousand, LinOTP scales with you and adapts to the changes in your IT landscape.

Due to its modular architecture, LinOTP is manufacturer-independent and supports a wide variety of
authentication protocols, token types and user directories. LinOTP supports multi-client capable setups, scales very easily, is user-friendly and can be rolled out quickly and easily in your environment. With LinOTP our customers achieve high security standards without great effort.


LinOTP Server is AGPLv3-licensed, the native GUIs and command line tools are GPLv2.

The architecture of LinOTP is also designed to be modular and open. Thanks to this modular architecture, LinOTP does not lock you into one specific authentication protocol or user directory.

Easy and comprehensive management

LinOTP contains administrative frontends for managing your tokens and their respective users. The integrated web interfaces allow for comprehensive and easy administration of LinOTP by using the API for management, self service and authentication in the backend.

In addition, LinOTP also provides you with command line tools for various operating systems, making scripted actions or integrations into deployment frameworks easy to achieve.

With the self service interface you can enable your users to manage themselves and relieve the helpdesk. The self service application and the associated user permissions can be precisely controlled via the LinOTP guidelines.

The automatic assignment of tokens to users and the automatic rollout of tokens are just two of the many LinOTP features, which make token management as smooth and easy as possible.

Data sheet

Get an overview of KeyIdentity LinOTP

Modern smartphone-based MFA - KeyIdentity push token

Broad integration


An integration into your RADIUS setup is made possible by the FreeRADIUS module (rlm_linotp). For simple and fast integration into existing environments, the KeyIdentity Smart Virtual Appliance contains a completely set-up and integrated RADIUS server with the LinOTP RADIUS module already integrated. LinOTP is already successfully used in customer setups with Citrix Netscaler, Cisco ASA, Juniper/Junos VPNs and many other RADIUS-enabled services. If you decide to run LinOTP in a native environment, we provide you with the necessary modules for FreeRADIUS and Radiator for easy integration.

Windows, macOS and Linux

The products of the KeyIdentity Authentication Provider family extend the authentication processes of Microsoft Windows, macOS or Linux environments with strong multi-factor authentication. The tight integration of the KeyIdentity MFA platform enables advanced features such as offline OTP authentication in your environment.


The LinOTP API allows for a quick and easy integration of multi-factor authentication in your application. Secure, reliable and strong authentication is only one API call away. LinOTP is developed with an API-first approach and the integration of features beyond validation is easy to implement and document.


The LinOTP module for simpleSAMLPHP allows SAML - enhanced with multi-factor authentication - to be integrated into your LinOTP environment.


LinOTP contains a complete OpenID Identity Provider. All required processes for registration and validation of identities via strong authentication are integrated in the overall LinOTP and self service setup.

Supported token types

Software tokens

  • KeyIdentity Authenticator
    • KeyIdentity QR token
    • KeyIdentity QR TAN
  • All OATH-compatible mobile tokens
    • Google Authenticator
    • FreeOTP
    • Micorosoft Authenticator
    • and more
  • All FIDO U2F-compatible soft tokens
  • mOTP-compatible soft tokens

Hardware tokens

  • Gemalto SafeNet eToken Pass
  • Feitian c100 c200 c300
  • SmartDisplayer
  • VASCO OATH Token
  • Yubico Yubikey
  • Gemalto OATH Token
  • NagraID
  • All OATH-compatible tokens
  • All FIDO U2F-compatible tokens

Server tokens

LinOTP contains various server-integrated tokens. These enable the use of out-of-band tokens (OOB) or functionalities beyond the standard.

  • SMS tokens
    • based on guidelines
    • multiple backends possible
    • support of HTTPS, SMTP und  SMPP protocols
  • E-mail tokens
  • One-Time-Use Password

Functionalities such as automatic rollout and synchronization of tokens make them easy and transparent to use.

Integrated tokens

With its modular architecture, LinOTP allows for the smooth migration of legacy systems, flexible setup via complex network infrastructures or the management of roaming users. Optimize your resources and implementations.

  • Forwarding tokens
  • RADIUS tokens
  • Remote tokens

Test trial

Convince yourself and test the KeyIdentity MFA platform for free!