Mideye Documentation
What is Mideye?
Section titled “What is Mideye?”Mideye is an on-premises multi-factor authentication (MFA) server that secures VPNs, servers, remote desktops, and applications. It integrates with your existing infrastructure via RADIUS and REST APIs, and supports multiple authentication methods including SMS OTP, push notifications, TOTP, and hardware tokens.
Key capabilities:
- On-premises deployment — Run entirely within your infrastructure, or use optional Swedish-hosted services for push and SMS delivery
- Multiple protocols — RADIUS for network devices, REST APIs for applications
- Flexible MFA methods — SMS, push, TOTP, hardware tokens, and assisted login
- Directory integration — Active Directory, LDAP, and local user stores
- Threat protection — Mideye Shield guards against password spray, brute-force, and MFA fatigue attacks
Getting Started
Section titled “Getting Started”| Topic | Description |
|---|---|
| Pre-installation Checklist | Requirements and preparation steps |
| Install on RHEL/Rocky/Alma | RPM-based installation |
| Install on Debian/Ubuntu | DEB-based installation |
| Install on Windows | Windows Server installation |
| Initial Configuration | First-time setup and configuration |
Core Documentation
Section titled “Core Documentation”Authentication Methods
Section titled “Authentication Methods”One-time passwords delivered via SMS. Works with Swedish and international providers with multiple connections for redundancy.
Real-time push notifications via the Mideye+ mobile app. One-tap approval on iOS and Android.
Time-based OTP compatible with Google Authenticator, Authy, and RFC-compliant apps. Offline capable.
YubiKey, HID, and Feitian OATH-compatible tokens for high-assurance environments.
Dual-approval (four-eyes) authentication. User initiates, approver validates via Mideye+ push.
Architecture Overview
Section titled “Architecture Overview”The Mideye Server runs on-premises and communicates with optional European-hosted services:
- Mideye Switch (European data centers) — Routes SMS/OTP messages and validates hardware tokens
- Mideye Shield — Threat intelligence and IP reputation
- Mideye Plus — Push notification service for mobile authentication (via Apple/Google)
- MAS — Magic Link approval pages
For environments requiring no external dependencies, use TOTP and hardware tokens which operate entirely on-premises.
Deployment Options
Section titled “Deployment Options”| Model | Description |
|---|---|
| On-Premises | Full local deployment. Authentication handled locally with TOTP and hardware tokens. No external network dependencies. |
| Hybrid | On-premises server with Swedish-hosted Mideye Switch for SMS/push delivery. |
| Central API | Direct API integration with Mideye-hosted authentication service for web applications. |