Octopus Authentication Flows and Authenticators - Secret Double Octopus
ZeroPassword · Internal Training

Octopus Authentication Flows

This page includes all main Octopus authentication flows.


Octopus main authentication flows

This section describes the full authentication flow for the main use cases, covering user authentication both online and offline.

Octopus Authenticator (Push)

Authentication happens in two steps: the user enters their username, which triggers a challenge from the Octopus server and sends an authentication request to the Octopus Cloud push server. The user then approves the push notification on their phone and verifies the second factor using biometrics.


FIDO/Passkey Token

The user sends their username to the Octopus server and receives a challenge from the FIDO gateway. They sign the challenge using a PIN or biometric on their FIDO token, which returns an encrypted password for completing authentication.


Smartcard Authentication

The process starts with the user sending their username to the Octopus server, which validates the certificate. Then, the user signs the challenge with a PIN, and the server responds with an encrypted password to finalize login.


Voice Call Authentication

The user receives a voice call from the Octopus system and is prompted to enter a PIN code. Once the PIN is verified, the user is authenticated successfully.


Computer Biometrics (Windows Hello / Mac TouchID)

The user logs in using Windows Hello or Mac TouchID, which provides biometric authentication. After approval, Octopus can initiate from the system tray and use the same biometric factor for web and legacy applications.


Offline Authentication with BLE Proximity

For offline login, credentials are securely transmitted from the phone to the PC via Bluetooth Low Energy (BLE). This enables authentication without internet connectivity.


Offline Authentication with FIDO Token

The user enters their username, and the Octopus client generates a challenge for the FIDO key. The user verifies with a PIN or biometric on the FIDO token, which sends back an encryption key to decrypt the login message.


User Bypass (Username & Token/Password)

When a user has no phone or is not enrolled, they authenticate using their username and a token or password. The Octopus server checks credentials against Active Directory for validation.


FIDO Token for RADIUS Client

Before connecting to a VPN via RADIUS, the user runs the FIDO client. They send their username to the Octopus server, receive a challenge, and respond with a signed challenge from the FIDO client, which completes the service connection.
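
The FIDO, smartcard and RADIUS flows above each have the server issue a challenge and then check a signed response. The Python example below is added here and is not Secret Double Octopus code: it shows the server-side checks that keep such an exchange resistant to replay, namely single-use, short-lived, user-bound challenges. The names `ChallengeServer` and `token_sign`, the 60-second lifetime, and the use of HMAC-SHA256 in place of the token's public-key signature are assumptions made so that it runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds; assumed lifetime, not a product setting


def token_sign(key, username, challenge):
    """Stand-in for the authenticator: HMAC replaces a real public-key signature."""
    msg = username.encode() + b"\x00" + challenge
    return hmac.new(key, msg, hashlib.sha256).digest()


class ChallengeServer:
    """Hypothetical server side of a challenge-response login."""

    def __init__(self, enrolled):
        self.enrolled = enrolled   # username -> enrolled key (constructed data)
        self.pending = {}          # challenge -> (username, expiry time)

    def issue_challenge(self, username, now=None):
        now = time.time() if now is None else now
        challenge = secrets.token_bytes(32)  # unpredictable, cannot be pre-signed
        self.pending[challenge] = (username, now + CHALLENGE_TTL)
        return challenge

    def verify(self, username, challenge, signature, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(challenge, None)  # pop: a challenge is single-use
        if entry is None:
            return "unknown-or-replayed-challenge"
        owner, expiry = entry
        if owner != username or username not in self.enrolled:
            return "challenge-not-issued-to-user"
        if now > expiry:
            return "expired-challenge"
        expected = token_sign(self.enrolled[username], username, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(expected, signature)
        return "ok" if ok else "bad-signature"


if __name__ == "__main__":
    key = secrets.token_bytes(32)             # constructed enrollment key
    server = ChallengeServer({"alice": key})
    c = server.issue_challenge("alice")
    sig = token_sign(key, "alice", c)
    # First use succeeds; the same captured response replayed is rejected.
    print(server.verify("alice", c, sig), server.verify("alice", c, sig))
```
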


Hybrid Server Authentication

Authentication requests are processed by the Octopus Hybrid Server, which syncs with the SaaS server. Once approved, the encrypted password is returned for login.


