N-VPN
2-factor authentication for VPN
Add a phone-tap second factor to any VPN without replacing your firewall, your RADIUS setup, or your users’ habits.
The problem
Passwords alone don’t protect remote access
A single phished or reused VPN password gives an attacker the same network position as an employee at their desk. SMS codes and hardware tokens patch the hole but create a new one: codes get intercepted or retyped wrongly, tokens get forgotten at home, and every failed login lands on your IT desk.
The solution
A second factor your users don’t have to think about
The VPN login triggers a push notification on the employee’s phone. They read what they’re approving, tap once, and they’re in: no codes to retype, nothing to carry, nothing to intercept.
The appliance sits transparently between your VPN concentrator and your existing RADIUS or Active Directory, so firewalls and routers keep working unchanged. Deploy it as a virtual appliance on your own infrastructure, or use the hosted cloud version.
- RADIUS proxy, transparent to existing VPN concentrators
- User sources: Active Directory, LDAP, RADIUS
- Virtual appliance (on-premise) or hosted cloud
- FreeRADIUS plugin and MikroTik script available
How it works
From zero to protected
- 01
Deploy the appliance
Import the virtual appliance (or start a cloud instance) and point it at your existing RADIUS server or Active Directory as the user source.
- 02
Users enroll themselves
Employees install the Notakey Authenticator app and onboard with their existing credentials. A key pair is generated inside the phone’s secure hardware.
- 03
Every VPN login asks the phone
The appliance proxies the RADIUS request, pushes an approval to the user’s phone, and only completes the login after a cryptographically signed approval.
Proof