Human-in-the-Loop Access Control

Four eyes on every privileged login.

Assisted Login turns always-on connections into on-demand access. A real person, notified on their own phone, explicitly approves each session before access is granted. Think of it as a digital key switch.

The concept

A digital key switch.

Assisted Login is a human-in-the-loop (HITL) access approval system. Instead of always-on VPN connections or standing access for vendors, it requires real-time approval from a designated person before access is granted, just as physical key switches in control rooms require a human to turn a key before critical systems activate. Approvals arrive as Mideye+ push notifications for instant response, and automated attacks cannot bypass a human who has to say yes.

1

Access request

A user, vendor, or technician attempts to log in to a protected resource.

2

Human approval

The designated approver is notified instantly on their own phone and sees who is asking for what.

3

Access granted

One tap approves the session, with the full decision recorded in the audit log.

Vendor & third-party access

No more 24/7 vendor tunnels.

The problem with always-on vendor access

Third-party vendors, MSPs, and contractors often receive permanent VPN credentials for maintenance and support. These always-on connections create a standing attack surface, if vendor credentials are compromised through phishing, credential stuffing, or supply chain attacks, adversaries gain the same persistent access the vendor had. Assisted Login removes the need for standing privileged access.

No standing access

Vendor VPN accounts exist but have no access until your staff explicitly approves a session. Zero attack surface when not in use.

On-demand only

Vendors connect only when needed, only when approved. Access is time-limited and tied to specific maintenance windows.

Full accountability

Every vendor session has a named internal approver. Your team owns the decision log. Complete audit trail for compliance.

Use cases

Where a human belongs in the loop.

MSP & vendor access

External IT providers, software vendors performing maintenance, or cloud service integrations. Your operations team approves each session, no more 24/7 vendor VPN tunnels. See also Shared Accounts for managing privileged credentials.

Shared workstations

Factory floors, labs, or kiosks where multiple employees share computers. Supervisors approve access for team members without distributing shared passwords.

Help desk & IT support

Support staff need temporary access to resolve tickets. The assigned technician requests, the ticket owner or manager approves, with a full audit trail for change management.

Break-glass access

Emergency scenarios where normal authentication isn't possible. Pre-authorized approvers can grant immediate access while maintaining security controls and compliance.

Healthcare & shift work

Nurses and doctors accessing patient systems. Charge nurses or attending physicians approve access for their team during the shift. Access controls that support healthcare privacy requirements.

Critical infrastructure

OT/ICS environments requiring dual authorization. Control room operators must approve remote maintenance access, the digital equivalent of a physical key switch.

Why it matters

Standing access is a standing risk.

The problem with standing access

Traditional VPN and remote access solutions provide always-on connectivity. Once credentials are provisioned, the connection is available 24/7, whether it's needed or not. This creates a permanent attack surface that threat actors can exploit through credential theft, phishing, or supply chain compromise.

The HITL solution

Human-in-the-loop approval ensures a real person consciously decides to grant access at the moment it's needed. Even if credentials are stolen, attackers cannot gain access without also compromising the approver. This adds a layer that automated attacks cannot bypass.

Directory integration

Your groups decide who approves.

Active Directory groups

Define who can request and who can approve based on existing AD group membership. No new directory schema required.

Azure AD / Entra ID

Works with hybrid and cloud-first environments. Validate approver membership against Entra ID groups for modern identity architectures.

Dynamic pairing

Match requesters to approvers by group prefix or keyword pattern. Team-Alpha-Users approved by Team-Alpha-Approvers, automatically.

Approvals arrive as Mideye+ push notifications, with an SMS magic-link fallback for approvers who haven't activated Mideye+.

Security & compliance

Every approval, on the record.

  • Full audit trail, every request and approval logged with timestamps, user IDs, approver identity, and IP addresses. Supports SOC 2, ISO 27001, and regulatory audit requirements.
  • Real-time validation, approver identity is verified against the directory at the time of approval. Revoked accounts cannot approve.
  • Session timeout, configurable approval validity period per profile. Access expires automatically.
  • Challenge questions, optional additional prompts before approval: ticket number, reason code, maintenance window ID.
  • No shared secrets, each approval is a unique, non-replayable authentication event. No emergency passwords to manage or rotate.

Assisted Login vs. traditional PAM: PAM solutions focus on vaulting and rotating credentials. Assisted Login complements PAM by adding human approval at the moment of access, even if vaulted credentials are compromised, the human approver gate remains.

Regulatory alignment

The four-eyes principle, implemented.

Assisted Login implements the "four-eyes principle" (two-person rule) required by multiple compliance frameworks.

ISO/IEC 27001:2022, Annex A 5.3

Requirement: "Conflicting duties and areas of responsibility shall be segregated to reduce the risk of fraud, error and the bypassing of information security controls."

How Mideye addresses this: Assisted Login enforces segregation by requiring two distinct users, requester and approver, for privileged access. The system prevents the same user from fulfilling both roles.

ISO 27001:2022 Annex A 5.3 guide →

DORA RTS Article 21, Privileged Access Management

Requirement: "Segregation of duties designed to prevent unjustified access... assignment of privileged... access on a need-to-use or an ad-hoc basis."

How Mideye addresses this: Time windows enforce temporary, need-to-use access; the approver must be different from the requester; and the full audit trail records who requested, who approved, when, and for what purpose.

DORA RTS on ICT risk management →

NIS2 Directive, Access Control Policies

Requirement (Article 21, paragraph 2(i)): "Access control policies and asset management."

How Mideye addresses this: Policy-based approval workflows define which approvers can authorize access to which resources, with configurable time restrictions and multi-level approvals.

NIS2 Directive on EUR-Lex →

Note: Mideye provides the technical controls for segregation of duties and privileged access management. Achieving full ISO 27001 certification, NIS2 compliance, or DORA compliance requires comprehensive organizational programs. See the compliance hub for complete framework mappings, or consult your compliance team.

Put four eyes on your privileged access.

Assisted Login is included with Mideye Server 6.x. Talk to us about your access approval, vendor management, or supply chain security requirements.