Identity & access management

Passwordless authentication and transaction signing for enterprises

Replace passwords and SMS codes with a single tap on the phone your people already carry. Deploy on-premise or in the cloud. Your VPN, Windows and web applications keep working unchanged.

The Notakey Authenticator app showing a VPN login approval that the user can approve or deny with one tap.

Why Notakey

Stronger than tokens and SMS, easier on your users and your IT team

Can’t be phished

The user’s key is generated inside their phone’s secure hardware and never leaves it. There is no password to steal and no code to intercept.

Onboarded in minutes, no support tickets

Employees enroll themselves against the user directory you already run: Active Directory, LDAP or RADIUS. No hardware tokens to ship, no helpdesk queue.

Runs where you need it

A virtual appliance on your own infrastructure, or our cloud. It speaks the protocols your systems already use (RADIUS, SAML, OAuth), so your VPN and applications keep working unchanged.

Audit-ready by default

Every authentication and signature is a cryptographically signed, timestamped event. Your auditors get the log without you building one.

How it works

Three steps between your users and passwordless

  1. 01

    Enroll

    The user installs the Notakey Authenticator app and enrolls with their existing credentials. A key pair is created in the phone’s secure element. The private key never leaves the device, and Notakey never stores user data centrally.

  2. 02

    Approve

    A login or transaction triggers a push notification showing exactly what’s being approved. The user checks the details and confirms with a tap, plus a fingerprint or face check if your policy requires it.

  3. 03

    Prove

    The approval is a digital signature over the request, timestamped and certificate-backed. Your systems verify it cryptographically and keep it as audit evidence.

Under the hood: public-key cryptography instead of shared secrets, an X.509 certificate per enrolled device, and onboarding flows you control, from simple credentials to SMS, in-person or OpenID Connect.

See it working

Don’t take our word for it: configure it

Our customers are security-conscious organizations that prefer not to be named, so instead of a logo wall, we show the product. Follow a real configuration guide, or sign a transaction in the live demo bank right now.

notakey-appliance / services
The Notakey appliance admin console listing configured services (VPN, Windows login, WordPress and OpenID), each managed from one dashboard.

One console for every channel

VPN, Windows login, web SSO and transaction signing are all configured from the same appliance dashboard. Add a service, set its security policy, and point the system you already run at it. There are no separate products to license or operate.

Live demo

Sign a payment in the demo bank

A working online bank protected by Notakey. Onboard your phone and approve a transaction — two minutes, no sales call.

demobank.notakey.com →

How-to guides

Configure it yourself

Step-by-step guides for VPN with RADIUS, MikroTik, Windows Remote Desktop and WordPress, written for the engineer doing the work.

Browse the guides →

See your first passwordless login this week

A 30-minute call with an engineer, not a sales deck. We’ll map your VPN, SSO or Windows setup to a working pilot.