Multi-Factor Authentication

Passwords aren't enough. Add a second factor.

Mideye adds multi-factor authentication to your VPNs, firewalls, and applications, on your infrastructure, under your control, with European data residency.

The problem

Stolen credentials are the #1 cause of data breaches.

Phishing, credential stuffing, and brute force defeat even strong passwords. Multi-factor authentication blocks the vast majority of account-compromise attacks by requiring something users have, a phone or hardware token, not just something they know.

Regulations like NIS2, DORA, and GDPR increasingly mandate MFA for critical infrastructure, financial services, and personal data. The question isn't whether to deploy it, it's how. See the compliance framework overview for the specifics.

New to MFA? Start with the guide: What is multi-factor authentication?

Why Mideye

Your infrastructure, your rules.

Most MFA providers are cloud-only, your users and authentication decisions live on someone else's servers. Mideye is different.

On your servers

Mideye Server runs in your datacenter. Passwords and authentication decisions are processed locally, and your directory stays untouched, with no schema changes to Active Directory or LDAP.

European data residency

The central delivery service, SMS routing, push notifications, and token logistics, is hosted in the Nordics, designed to support GDPR, NIS2, and DORA requirements.

Zero-disruption rollout

Integrates over standard RADIUS, the protocol your VPN and firewall already speak. No agents to install, no proxies to maintain, no application changes. See integration examples.

How it works

Credentials stay home. Only deliveries leave.

Your infrastructure
  • Mideye Server
  • VPN · firewall · applications
  • Active Directory / LDAP
Mideye Central · Sweden
  • Push notifications
  • SMS / RCS delivery
  • Token logistics

User credentials and authentication decisions never leave your server. Only delivery requests traverse the encrypted connection to Mideye Central.

Authentication methods

Every user, covered.

Different users need different methods. Mideye supports them all, and users switch between them without admin intervention.

Line icon of a smartphone showing an approval checkmark

Push, Mideye+ appRecommended

One-tap approval on iPhone and Android, no codes to type. Works over WiFi when mobile networks are unavailable, and reduces phishing risk since there is no one-time code for an attacker to trick out of the user.

Learn more about Mideye+
Line icon of a phone receiving a one-time code by SMS

SMS one-time password

A numeric code delivered to any mobile phone, no app required. Mideye maintains direct connections to mobile operators worldwide and tracks delivery receipts in real time.

Line icon of a handheld hardware token with a code display

Hardware tokens

OATH-compliant tokens for environments where phones aren't allowed, YubiKey, HID, and PSKC-compatible. No battery dependency, no network: just a code.

Learn about hardware tokens
Line icon of a countdown timer above a one-time code

TOTP, offline codes

Time-based one-time passwords from the Mideye+ app or any standard authenticator. No network needed at login, ideal for air-gapped environments or as a fallback.

Learn about air-gapped mode

Integrations

Works with the systems you already run.

Standard RADIUS means no agents, no proxies, and no application changes.

VPN & firewalls

FortiGate · Palo Alto GlobalProtect · Cisco AnyConnect · Cisco ISE · Check Point · SonicWall · F5 BIG-IP

Remote access

Citrix NetScaler · Citrix Gateway · Pulse Secure · Windows RDS · VMware Horizon · Apache Guacamole

Identity & SSO

Microsoft ADFS · Entra ID (Azure AD) · SAML 2.0 · OIDC → RADIUS

Linux & servers

PAM RADIUS module · SSH authentication

Compliance

Built for regulated environments.

NIS2

Strong authentication for critical infrastructure operators

DORA

Strong authentication for financial entities' ICT systems

GDPR

Appropriate technical measures to protect personal data

ISO 27001

MFA recommended as part of access control policies

Mideye's on-premises architecture with European data residency is designed to support these frameworks, with controls customers use as part of their own certification and compliance programs. See the full compliance mapping or learn about data residency.

Advanced capabilities

Beyond the second factor.

Assisted Login

Delegated authentication for teams: a supervisor approves access in real time via push, for shared workstations, help desks, and break-glass scenarios. Group-based authorization with a full audit trail.

Learn about Assisted Login

Shared Accounts

MFA for shared and service accounts. Each user identifies with their own phone or token, creating individual accountability on shared credentials.

Learn about Shared Accounts

Cloud Authentication API

MFA without a server: one REST endpoint for push and SMS with automatic fallback, hosted in the Nordics with EU/EEA data residency.

Explore the Cloud API

Mideye Shield

Protect the MFA you just deployed.

Mideye Shield hive-defense emblem

Deploying MFA is step one, protecting it from attack is step two. Shield blocks brute force, password spraying, and MFA fatigue attacks before they reach your users, with threat intelligence shared across connected Mideye instances.

  • Automatic IP blocking based on behavior patterns
  • Protection against MFA prompt bombing
  • No configuration required, one-click enable
Learn more about Mideye Shield

Ready to secure your authentication?

Request a guided trial and we'll plan a proof-of-concept together with your IT team. Our engineers help you integrate Mideye with your VPN, firewall, or application.