Applications

Proper Authentication is required?

Proper authentication is a key security requirement when accessing resources via a network. A username and password alone are no longer sufficient!

Various secure authentication methods are implemented by ApplicGate such as:

  • Certificates
  • One-Time Password (OTP)
  • Time-based One-Time Password (TOTP)
  • OAuth 2.0
  • Web Authentication (WebAuthn), FIDO2

Use Cases/TechInfo

Certificates

You can use any certificate (software certificate or smartcard) for authentication.

TECHINFO
  • Certificates can come from any Certification Authority (CA), either from your own CA or any public CA.
  • The easiest way to generate certificates is to use scripts, e.g. PowerShell scripts provided by ApplicGate.
  • ApplicGate requests client certificates during TLS sessions setup.
  • The email address provided in the client certificate will be used to authorize certain functions.

One-Time Password (OTP)

You have to enter a One-Time Password that has been sent to you via SMS or email.

TECHINFO
  • Prerequisite is a user list where for each user the email addresses, the mobile phone number (optional), and the personal security ID are stored.
  • Each entry may have an expiration date. When the entry expires the responsible person will be notified via email. The user list can be managed via the built-in web interface.
  • For authentication the user opens a web page (templates are provided), enters his/her email address and the security ID.
  • ApplicGate will return a one-time password via email or SMS (as requested).
  • This password must be entered into the web form to finish the authentication process.

Time-based One-Time Password (TOTP)

You have to enter the code generated by Google or Microsoft Authenticator. (Initial authentication is done via SMS or email.)

TECHINFO
  • The user must install the Google or the Microsoft Authenticator on his/her mobile device.
  • Prerequisite is the user list as defined for OTP because the initialization process (generation and distribution of the shared secret) must be authenticated by email or SMS.
  • When the authenticator is used for the first time, a QR code that configures the authenticator with the shared secret is shown after authentication by email or SMS.
  • Now for authentication the user must enter the email address, the security ID and the 6-digit code generated by the authenticator.

Logon to ApplicGate

Use this feature for additional authentication for protocols other than https, e.g. RDP. Authentication by certificates, OTP and TOTP is supported.

TECHINFO
  • Logon can be done with any web browser.
  • As long as the authenticated session is established, any session from the same source address to ApplicGate routing entries that have the email address configured is allowed.

FAQ + Techblog

Q: Is ApplicGate available for Linux also?

A: Yes, it is. Send an email to contact@applicgate.com and we will be glad to send you a version built for Linux.

Looking for a Reverse Proxy?

How to tunnel UDP traffic over TCP

If you would like to secure UDP traffic over insecure networks or network segments, you can easily add authentication and encryption.
