Password Authentication
Validates against Active Directory or local Mideye user database. Standard first factor for all users.
Run Mideye Server entirely inside your isolated network. No internet connection, no cloud dependencies, no external infrastructure.
Concept
Air-gapped mode allows Mideye Server to operate in fully isolated networks without any connection to the internet or Mideye's central infrastructure.
Designed for classified environments, critical infrastructure, and high-security data centers where network isolation is mandatory. This on-premises multi-factor authentication solution enables secure authentication entirely on-site using passwords and locally-provisioned hardware TOTP tokens.
Use cases
Government, defense, and intelligence environments requiring complete network isolation.
Power plants, water treatment, industrial control systems where internet access is strictly prohibited.
Secure processing environments with no external network connectivity.
Regulatory frameworks requiring authentication without cloud dependencies or supply chain risks.
Configuration
Air-gapped mode is configured during initial Mideye Server setup through the Install Wizard:
During the Switch Configuration step, click "Show Advanced Settings".
Check the Air-Gapped Mode checkbox. The Switch connection fields become optional.
Finish the remaining setup steps without requiring an internet connection.
Air-gapped mode is a permanent configuration choice made during setup. Switching between connected and air-gapped mode after initial deployment requires reinstallation.
Capabilities
Validates against Active Directory or local Mideye user database. Standard first factor for all users.
Hardware tokens (YubiKey, HID) or authenticator apps. Tokens are provisioned locally and work completely offline.
SMS OTPs, Mideye+ Push Notifications, and Magic Links are disabled as they require connection to our central infrastructure and gateways.
Mideye Shield and IP reputation checks are disabled as they rely on real-time threat intelligence from our central service.
Operations
Pre-programmed OATH TOTP hardware tokens can be imported via PSKC files. Seeds are securely loaded during deployment without network access.
Learn about hardware tokens →TOTP secrets can be provisioned to authenticator apps via a QR code displayed locally on the admin portal. The provisioning happens inside the isolated network.
Compliance
Air-gapped deployment addresses strict security requirements for critical infrastructure and zero-trust supply chain security.
Requirement: Essential entities must manage supply chain risks.
Solution: Zero external dependencies for authentication. No cloud services or third-party authentication providers required, eliminating the supply chain attack surface.
Requirement: Manage third-party dependencies and concentrations.
Solution: Eliminates runtime dependencies on external authentication providers. Authentication is 100% under your control with no third-party service concentration risk.
Requirement: Network segmentation (ICS/SCADA, classified networks).
Solution: Authentication infrastructure remains entirely within your security perimeter, preventing breaches of network segmentation policies.
These are requirements our customers address using Mideye's controls as part of their own certification and compliance programs. See the full compliance mapping.
Contact our team to discuss your isolated environment requirements and plan your deployment.
We use cookies and analytics to improve your experience and understand how our site is used. Privacy Policy