Nordic MFA, pioneering mobile authentication since 1999

MFA for every deployment scenario. Automated attacks stopped at the door.

Mideye adds strong two-factor login to VPNs, remote desktops, and web applications, as a hybrid cloud service, fully air-gapped on-prem, or a simple cloud API. Built in Sweden, hosted in the Nordics, serving enterprises, government authorities, and mobile operators worldwide.

Line-art smartphone with a glowing approval checkmark

Mideye MFA

Every method. One server.

Push, SMS, magic link, YubiKey or TOTP, verified against your own directory.

Explore MFA
Line-art shield built from hexagonal honeycomb cells

Mideye Shield

Attackers out. Even with the right password.

Every source IP is scored before authentication. When one customer is attacked, all are protected.

Explore Shield
Line-art silhouettes of two people sharing an approval checkmark

Assisted Login

Two humans, one login.

Four-eyes approval for critical access, in line with NIS2 access-control requirements.

Explore Assisted Login
Line-art server inside a protective circle with a crossed-out cloud

Air-gapped mode

No Internet? No problem.

Fully offline MFA with TOTP hardware tokens or any authenticator app.

Explore air-gapped mode
1999

Pioneering mobile MFA, born at Ericsson

Nordic

Offices in Stockholm and Espoo, hosted in the Nordics

Global

Users on every inhabited continent

Zero

Schema changes to Active Directory or LDAP

Mideye MFA

Deploy it your way.

The same strong authentication, connected to the cloud, fully air-gapped, or consumed as an API. You choose the trade-off, not us.

Line icon of a cloud linked to an on-premises server

Hybrid Cloud

An on-prem RADIUS server with Internet connectivity to the Mideye service.

  • One-touch approval via the Mideye+ app or RCS
  • SMS one-time passwords, no app required
  • Assisted Login for delegated access and dual-control approval
Explore Hybrid Cloud
Line icon of a server rack secured with a padlock

Air-Gapped On-Prem

The same RADIUS server, fully disconnected, for networks that never touch the Internet.

  • Offline TOTP apps for second-factor login
  • Hardware tokens, YubiKey, HID, and PSKC-compatible
  • For the high-criticality assets where ENISA's NIS2 guidance calls for the most stringent authentication
Explore Air-Gapped mode
Line icon of a cloud holding a key between code brackets

Cloud Authentication

A second-factor authentication API hosted in the Nordics, nothing to install.

  • One REST call to authenticate a user
  • Push first, SMS magic link only as automatic fallback
  • User data stays in the EU/EEA
Explore Cloud Authentication

Works with what you already run.

Mideye integrates over standard RADIUS, no agents to install, no proxies to maintain, no application changes required.

  • FortiGate
  • Palo Alto GlobalProtect
  • Cisco AnyConnect
  • Check Point
  • F5 BIG-IP
  • Citrix NetScaler
  • Windows RDS
  • VMware Horizon
  • Microsoft ADFS
  • Entra ID
  • SAML 2.0
  • SSH & PAM

Deployed and supported by leading Nordic partners. Contact one to get started

Why Mideye

Built for European requirements.

The four-eyes login no one else has

With Assisted Login, a second person approves critical logins in real time. No other MFA vendor offers helpdesk-assisted login, and it maps directly to the segregation-of-duties and dual-control expectations in NIS2 and DORA, and to the four-eyes principle (Vier-Augen-Prinzip) in BSI IT-Grundschutz.

Nordic company, Nordic infrastructure

With offices in Stockholm and Espoo, Mideye builds the central service in Sweden and hosts it in the Nordics with Nordic enterprises. User phone numbers and authentication logs stay in the EU/EEA, a decisive difference from US-owned MFA providers when GDPR and data sovereignty are on the checklist.

Privileged access, covered

RADIUS-based MFA in front of Active Directory, VPN, RDP, and administrative logins: the accounts regulators and auditors examine first. No changes to your directory.

NIS2 is in force, and privileged accounts are first in line.

NIS2 (Article 21(2)(j)) requires multi-factor authentication where appropriate, and ENISA's implementation guidance singles out administrator accounts, management systems, and anything reachable over VPN or RDP. The same guidance ranks SMS one-time passwords as last-resort MFA, below push and app-based methods. Sweden's Cybersäkerhetslagen (2025:1506) took effect in January 2026, and fines for essential entities reach €10 million or 2% of worldwide annual turnover, whichever is higher (Article 34(4)). Mideye puts push-first MFA in front of those logins today.

See the compliance mapping

Mideye Shield

Attacks blocked before authentication even starts.

Shield is a pre-authentication firewall that rejects automated login attacks at the earliest possible stage, including MFA fatigue attacks. Attackers systematically target the identity infrastructure itself; Shield protects the MFA layer that NIS2 Article 21(2) requires, keeping it effective even under sustained attack.

Mideye Shield hive-defense emblem, a shield formed from hexagonal cells

Hive defense

Every source IP is scored 0–100 before authentication begins, using attack data aggregated across Mideye's customer base. When one customer is attacked, all are protected.

Included with Mideye Server 6.5.12 and later.

Credential stuffing

Blocks automated logins that replay stolen credential databases.

Password spray

Detects and stops distributed password-guessing campaigns.

MFA fatigue

Prevents push-notification spam from ever reaching your users.

Less noise, less load

Reduces the attack surface and the load on your authentication infrastructure.

Ready to secure your logins?

Talk to us about a proof-of-concept. Our engineers plan the RADIUS connection together with your IT team and help you integrate your VPN, firewall, or application.