Mideye MFA
Every method. One server.
Push, SMS, magic link, YubiKey or TOTP, verified against your own directory.
Explore MFANordic MFA, pioneering mobile authentication since 1999
Mideye adds strong two-factor login to VPNs, remote desktops, and web applications, as a hybrid cloud service, fully air-gapped on-prem, or a simple cloud API. Built in Sweden, hosted in the Nordics, serving enterprises, government authorities, and mobile operators worldwide.
Pioneering mobile MFA, born at Ericsson
Offices in Stockholm and Espoo, hosted in the Nordics
Users on every inhabited continent
Schema changes to Active Directory or LDAP
Mideye MFA
The same strong authentication, connected to the cloud, fully air-gapped, or consumed as an API. You choose the trade-off, not us.
An on-prem RADIUS server with Internet connectivity to the Mideye service.
The same RADIUS server, fully disconnected, for networks that never touch the Internet.
A second-factor authentication API hosted in the Nordics, nothing to install.
Mideye integrates over standard RADIUS, no agents to install, no proxies to maintain, no application changes required.
Why Mideye
With Assisted Login, a second person approves critical logins in real time. No other MFA vendor offers helpdesk-assisted login, and it maps directly to the segregation-of-duties and dual-control expectations in NIS2 and DORA, and to the four-eyes principle (Vier-Augen-Prinzip) in BSI IT-Grundschutz.
With offices in Stockholm and Espoo, Mideye builds the central service in Sweden and hosts it in the Nordics with Nordic enterprises. User phone numbers and authentication logs stay in the EU/EEA, a decisive difference from US-owned MFA providers when GDPR and data sovereignty are on the checklist.
RADIUS-based MFA in front of Active Directory, VPN, RDP, and administrative logins: the accounts regulators and auditors examine first. No changes to your directory.
NIS2 (Article 21(2)(j)) requires multi-factor authentication where appropriate, and ENISA's implementation guidance singles out administrator accounts, management systems, and anything reachable over VPN or RDP. The same guidance ranks SMS one-time passwords as last-resort MFA, below push and app-based methods. Sweden's Cybersäkerhetslagen (2025:1506) took effect in January 2026, and fines for essential entities reach €10 million or 2% of worldwide annual turnover, whichever is higher (Article 34(4)). Mideye puts push-first MFA in front of those logins today.
See the compliance mappingMideye Shield
Shield is a pre-authentication firewall that rejects automated login attacks at the earliest possible stage, including MFA fatigue attacks. Attackers systematically target the identity infrastructure itself; Shield protects the MFA layer that NIS2 Article 21(2) requires, keeping it effective even under sustained attack.
Every source IP is scored 0–100 before authentication begins, using attack data aggregated across Mideye's customer base. When one customer is attacked, all are protected.
Included with Mideye Server 6.5.12 and later.
Blocks automated logins that replay stolen credential databases.
Detects and stops distributed password-guessing campaigns.
Prevents push-notification spam from ever reaching your users.
Reduces the attack surface and the load on your authentication infrastructure.
Talk to us about a proof-of-concept. Our engineers plan the RADIUS connection together with your IT team and help you integrate your VPN, firewall, or application.