Mideye: On-Premises MFA for VPN & Apps

Mideye Server is an on-premises multi-factor authentication (MFA) platform. It integrates with your existing infrastructure to protect user logins with a second factor — without replacing your identity provider, VPN, or password system.

What it does

• Adds a second factor to existing logins. Users authenticate with their password first, then verify with a push notification, SMS code, hardware token, or TOTP app.
• Speaks protocols your infrastructure already uses. RADIUS for VPNs and firewalls. REST API for web applications. LDAP for user directories.
• Runs on your infrastructure. Authentication decisions happen on your server, with your data, under your control.
• Delivers OTPs through Mideye’s cloud services. SMS and push notifications are routed through Mideye Switch and Mideye Cloud — but your credentials never leave your network.

What it does not do

Setting accurate expectations:

• Not a VPN. Mideye authenticates users; your VPN handles the tunnel.
• Not an identity provider. Mideye adds a second factor to existing authentication, it doesn’t replace Active Directory, Entra ID, or LDAP.
• Not a password manager. Users still need their primary credentials.
• Not a single sign-on solution. Though it integrates with ADFS and other identity providers for federated MFA.

Local users and hybrid overrides

Mideye Server also has its own local user database. Local users can authenticate via RADIUS without an external directory. For users imported from LDAP or Entra ID, Mideye can override specific attributes locally, for example, assigning a different authentication type or phone number without changing the directory source.

Who is it for

Mideye Server is designed for organizations that:

• Need MFA for VPN, remote access, or network equipment (via RADIUS)
• Want to add MFA to web applications (via REST API / Magic Link)
• Require on-premises control over authentication decisions and user data
• Operate in regulated industries where data residency matters

Supported platforms

Mideye Server runs on:

• RHEL / Rocky / Alma 8.x and 9.x (RPM)
• Debian 11, 12, 13 and Ubuntu 22.04, 24.04 (DEB)
• Windows Server 2016–2025 (MSI)
• Docker / Podman (container image)

See Pre-install Checklist for hardware and software requirements.

How Mideye Server compares

Most MFA solutions today are cloud-only — your authentication data, user records, and login decisions are processed on the vendor’s servers. Mideye Server takes a different approach:

Aspect	Cloud-only MFA	Mideye Server
Authentication decisions	Vendor’s cloud	Your server
User data location	Vendor’s infrastructure	Your database
Internet dependency	Required for all MFA	Optional — air-gapped TOTP works offline
RADIUS support	Often proxy-based or limited	Native RADIUS server + RADSEC
Data sovereignty	Vendor’s jurisdiction	Your jurisdiction
Vendor lock-in	SDK/agent integration	Standard RADIUS — works with any VPN/firewall
Compliance posture	Depends on vendor certifications	Your infrastructure, your auditors, your control

Mideye isn’t anti-cloud — it uses cloud services for SMS and push delivery. But the authentication engine, the credentials, and the decision-making stay on your premises. This is a fundamentally different trust model.

For a deeper comparison, see On-Premises vs Cloud MFA.

Key capabilities at a glance

• 11 authentication types — Push, SMS, TOTP, hardware tokens, Magic Link, Assisted Login, and more → Authentication Types
• RADIUS and RADSEC — Native RADIUS server with optional TLS encryption → What is RADIUS? What is RADSEC?
• Magic Link API — Passwordless MFA for web apps via REST → Magic Link Authentication
• Directory integration — LDAP, Active Directory, Microsoft Entra ID → Directory Integration
• Threat intelligence — IP reputation and automatic blocking → Mideye Shield
• Air-gapped mode — MFA without internet connectivity → Air-Gapped Authentication
• Assisted Login — Human-approved authentication for shared environments → Assisted Login
• Compliance support — NIS2, GDPR, DORA, ISO 27001, PCI DSS → Compliance & Regulatory Frameworks
• EU data sovereignty — Swedish company, all services in Sweden → Data Residency

Licensing

Mideye Server is licensed per user. Contact sales@mideye.com for pricing.

Trial licenses are available for evaluation.

Next steps

• System Architecture — Understand the components and how they connect
• Authentication Flows — See how logins work step by step
• Getting Started — Install and configure Mideye Server