Mideye: On-Premises MFA for VPN & Apps
Mideye Server is an on-premises multi-factor authentication (MFA) platform. It integrates with your existing infrastructure to protect user logins with a second factor, without replacing your identity provider, VPN, or password system.
What it does
Section titled “What it does”- Adds a second factor to existing logins. Users authenticate with their password first, then verify with a push notification, SMS code, hardware token, or TOTP app.
- Speaks protocols your infrastructure already uses. RADIUS for VPNs and firewalls. REST API for web applications. LDAP for user directories.
- Runs on your infrastructure. Authentication decisions happen on your server, with your data, under your control.
- Delivers OTPs through Mideye’s cloud services. SMS and push notifications are routed through Mideye Switch and Mideye Cloud, but your credentials never leave your network.
What it does not do
Section titled “What it does not do”Setting accurate expectations:
- Not a VPN. Mideye authenticates users; your VPN handles the tunnel.
- Not an identity provider. Mideye adds a second factor to existing authentication, it doesn’t replace Active Directory, Entra ID, or LDAP.
- Not a password manager. Users still need their primary credentials.
- Not a single sign-on solution. Though it integrates with ADFS and other identity providers for federated MFA.
Who is it for
Section titled “Who is it for”Mideye Server is designed for organizations that:
- Need MFA for VPN, remote access, or network equipment (via RADIUS)
- Want to add MFA to web applications (via REST API / Magic Link)
- Require on-premises control over authentication decisions and user data
- Operate in regulated industries where data residency matters
Supported platforms
Section titled “Supported platforms”Mideye Server runs on:
- RHEL / Rocky / Alma 8.x and 9.x (RPM)
- Debian 11, 12, 13 and Ubuntu 22.04, 24.04 (DEB)
- Windows Server 2016–2025 (MSI)
- Docker / Podman (container image)
See Pre-install Checklist for hardware and software requirements.
How Mideye Server compares
Section titled “How Mideye Server compares”Most MFA solutions today are cloud-only, your authentication data, user records, and login decisions are processed on the vendor’s servers. Mideye Server takes a different approach:
| Aspect | Cloud-only MFA | Mideye Server |
|---|---|---|
| Authentication decisions | Vendor’s cloud | Your server |
| User data location | Vendor’s infrastructure | Your database |
| Internet dependency | Required for all MFA | Optional, air-gapped TOTP works offline |
| RADIUS support | Often proxy-based or limited | Native RADIUS server + RADSEC |
| Data sovereignty | Vendor’s jurisdiction | Your jurisdiction |
| Vendor lock-in | SDK/agent integration | Standard RADIUS, works with any VPN/firewall |
| Compliance posture | Depends on vendor certifications | Your infrastructure, your auditors, your control |
Mideye isn’t anti-cloud, it uses cloud services for SMS and push delivery. But the authentication engine, the credentials, and the decision-making stay on your premises. This is a fundamentally different trust model.
For a deeper comparison, see On-Premises vs Cloud MFA.
Key capabilities at a glance
Section titled “Key capabilities at a glance”- 11 authentication types: Push, SMS, TOTP, hardware tokens, Magic Link, Assisted Login, and more → Authentication Types
- RADIUS and RADSEC: Native RADIUS server with optional TLS encryption → What is RADIUS? What is RADSEC?
- Mideye Auth API: Passwordless MFA for web apps via REST → Magic Link Authentication
- Directory integration: LDAP, Active Directory, Microsoft Entra ID → Directory Integration
- Threat intelligence: IP reputation and automatic blocking → Mideye Shield
- Air-gapped mode: MFA without internet connectivity → Air-Gapped Authentication
- Assisted Login: Human-approved authentication for shared environments → Assisted Login
- Compliance support: NIS2, GDPR, DORA, ISO 27001, PCI DSS → Compliance & Regulatory Frameworks
- EU data sovereignty: Swedish company, all services in EU data centers (Sweden and Finland) → Data Residency
Licensing
Section titled “Licensing”Mideye Server is licensed per user. Contact info@mideye.com for pricing.
Trial licenses are available for evaluation.
Next steps
Section titled “Next steps”- System Architecture, Understand the components and how they connect
- Authentication Flows, See how logins work step by step
- Getting Started, Install and configure Mideye Server