SignOn Proxy

The central authentication instance and middleware for your entire IT landscape. It simplifies and secures access by acting as a single point of validation, enhancing security with robust Multi-Factor Authentication.

Key Features

The SignOn Proxy is a versatile authentication middleware with an extensive feature set designed for flexibility and security.

Versatile Authentication

Supports LDAP authentication and allows for custom authentication modules.

Multi-Factor Authentication (MFA)

Comprehensive MFA server supporting TOTP, HOTP, FIDO2, Smart Cards, and COTP push notifications.

Gateway Functionality

Operates as a flexible LDAP server or a RADIUS server to integrate with existing infrastructure.

Authentication Caching

Improves performance and reliability by caching authentication credentials for high availability.

Powerful REST API

Provides a full-featured REST API for easy integration with web applications and other services.

Agent Forwarding

Forwards authentication requests to Comtarsia SignOn Agents in distributed environments.

Core Functionality

  • LDAP Authentication
  • Active Directory Authentication without Domain Join
  • SignOn Agent Trigger
  • Proxy Authentication for Comtarsia Logon Client, Comtarsia Web Gateway, and Comtarsia LDAP Directory Replicator
  • HOTP/TOTP/COTP and FIDO2 Engine for all LDAP Directories and Active Directory
  • Authentication Session Password
  • Proxy Forwarding
  • Central Logon Policy Rules

Platform & Directory Support

Supported Platforms

  • Windows Server 2016, 2019, 2022, 2025

Supported LDAP Directories

  • Microsoft Active Directory (via LDAP, no domain join required)
  • OpenLDAP, 389 Directory Server, ApacheDS
  • NetIQ eDirectory (formerly Novell)
  • IBM Tivoli & z/OS SecureWay (RACF), Oracle DS, Sun DS
  • Any other standard-compliant LDAPv3 directory

Authentication Plugins

  • RADIUS
  • SIP2
  • Contact us for an individual authentication module

Advanced Multi-Factor Authentication (MFA)

Significantly improve your organization's security by adding a second factor to the authentication process. The SignOn Proxy supports multiple MFA types to fit your specific needs.

  • Standard OTPs (TOTP & HOTP)

    Supports time-based (TOTP) and counter-based (HOTP) one-time passwords, compatible with standard authenticator apps.

  • FIDO2

    Enables modern, phishing-resistant authentication using hardware security keys, often with a USB interface.

  • COTP (Comtarsia Push OTP)

    A user-friendly method where users approve a login request via a secure, end-to-end encrypted push notification sent to their smartphone.

The Comtarsia Authenticator App

Available for Android and iOS, our app supports the standard TOTP and HOTP protocols as well as the proprietary COTP protocol. It can be used with Comtarsia solutions and most websites that support two-factor authentication.

Flexible Gateway Modes

The SignOn Proxy can function as a powerful gateway for your existing services, extending them with MFA and other features.

LDAP Gateway

The LDAP Gateway can be configured in two main modes to seamlessly integrate with your environment.

  • Passthrough Mode: Intercepts only authentication requests for MFA processing, forwarding all other requests to the backend.
  • Standalone Mode: Useful when the primary auth system isn't LDAP-based or when attributes need to be modified on the proxy itself.

RADIUS Gateway

The proxy can also act as a RADIUS server, allowing you to secure network devices like switches, VPNs, and other RADIUS clients with its advanced authentication and MFA capabilities, centralizing your security policy.

Technical Details & Integration

Designed for easy deployment and management in modern enterprise environments.

Platform Support

Available for both Windows and various Linux distributions.

  • Windows Server 2016 - 2025
  • RedHat Enterprise Linux 8
  • Ubuntu 24 & AlmaLinux 9
  • Other distros on request

Easy Configuration & Management

Configure the proxy via a user-friendly Web Management interface. This prevents errors and provides a clear status dashboard. Automated deployment via Registry/config files is also supported.

Powerful REST API

An extensive REST API (JSON over HTTPS) allows for deep integration, covering both management/configuration and user-facing MFA device enrollment.

Ready to Secure Your Infrastructure?

Let's discuss how the Comtarsia SignOn Proxy can become the central authentication hub for your organization. Contact our experts for a personalized demo.
