AuthN by IDEE

Your organisation already has MFA. OTPs get intercepted. Push notifications get approved by attackers. Sessions get hijacked. The problem isn't that you lack authentication — it's that the authentication you have can be bypassed.

AuthN by IDEE
is MFA 2.0

Stops all phishing. Stops all MFA bypass.
No credentials to steal. No session to intercept.
No way in.

Start Free 14-Day Trial
The Architecture

Built entirely
on zeroes.

AuthN strips authentication down to its cryptographic core. No shared secrets. No central database of passwords. No decision a human can get wrong.

Cryptography PKI · AES-256 · ECC-512
Key storage TPM / Secure Enclave
Standards FIDO2 · WebAuthn · NIST
Protocols SAML · OIDC · WS-FED · WS-Trust
Post-quantum ready NIST ML-KEM
0
Zero Trust
Every request cryptographically verified. Nothing trusted by default — not the network, not the device, not the user.
0
Zero Passwords
End-to-end passwordless — including registration and account recovery. Nothing to steal, guess, or reuse.
0
Zero Agents
No software to install. No dependencies to break. Works with the hardware your users already carry.
0
Zero Knowledge & Zero PII Stored
IDEE stores no credentials, no passwords, and no secrets. No personal data stored. Breaching us yields nothing of value to an attacker. GDPR and CCPA compliant by architecture, not configuration.
0
Zero Phishable Factors
No phishable factors — across every stage of the identity lifecycle: registration, authentication, authorization, device enrollment, and decommissioning.
Simplicity

We got rid
of the legacy.

Every element of legacy authentication that could be exploited, lost, or forgotten — removed. What's left is just you and your device.

Passwords Second Device Additional Software Additional Hardware OTP Push Notifications
Coverage

Protect
everything.

AuthN secures every access point across your organisation — without replacing a single system you already run (except your legacy MFA).

Employees Customers Suppliers VPN Cloud Apps On-Prem Apps Remote Access Legacy Apps
Prevention — Not Detection

We took risk out of the picture.

AuthN by IDEE doesn't make attacks harder to pull off. It removes the conditions that make them possible in the first place. This is MFA 2.0 — next generation MFA.

Credential Phishing
There is no OTP or session token to capture. Authentication uses a private key that never leaves the device, so there is nothing for a proxy site to intercept.
Adversary-in-the-Middle
The cryptographic signature is bound to the exact service being accessed. A relay attack produces a signature that won't verify, so the authentication simply fails.
Insider Threats
Each authentication is cryptographically tied to a specific registered user and device. One person's credentials cannot be used by another, even with full access to the system.
Device Theft
The private key is locked inside the device's secure enclave and can only be used after the owner unlocks it with biometrics or PIN. A stolen device is cryptographically useless.
Social Engineering
There is no push to approve, no code to read out, no human step that can be manipulated. The device authenticates directly and cryptographically, once the user unlocks the device.
Centralized Storage of Credentials
IDEE stores no credentials, no passwords, and no secrets. There is nothing in our infrastructure worth stealing. Breaching us yields nothing of value to an attacker.
User Experience

Register any device once. The device becomes your authenticator.

Can you unlock your device? Then you can use AuthN by IDEE. We made it so simple that both TikTok queens and flip-phone fans can use it with ease.

Step 01

Register the device once

in a few seconds available for any device made after 2016.

Step 02

Unlock to authenticate

in a couple of seconds — MFA 2.0 protection delivered everytime.

User unlocks their device for the first time
Cryptographic private key bound to user identity & service created inside the secure enclave
Device is now the authenticator
Logged in securely with phishing-proof MFA 2.0
Deployment

Can you copy and paste?

Then you can deploy AuthN by IDEE. No-code integration. No consultants. No project plan. Just connect to your existing stack and go.

No agents to install
No hardware to provision
No passwords to migrate
No-code integration
Works on all devices made after 2015
Built For

Every device. Both company and private.

Whether your workforce uses company-issued hardware or their own personal devices. AuthN works without installing any hardware or software. Supported on Windows, macOS, iPadOS, iOS, Android, Linux, and much more. This is MFA 2.0.

Device protection Range
Managed Devices

Your entire company fleet becomes unphishable instantly. Protects every user, every device, and every app without adding agents, software, and hardware.

Unmanaged Devices

Remote workers and contractors become unphishable instantly, without surrendering device control to IT. No MDM, no problem. GDPR and CCPA compliant because personal data never enters the equation.

Integrations

Protects every environment.

AuthN by IDEE supports the protocols and platforms your infrastructure depends on. No rip-and-replace required.

Protocols
SAML OIDC WS-FED WS-Trust WebAuthn FIDO2
On-Prem Directories
Active Directory Ping Federate ForgeRock Keycloak NetIQ eDirectory OpenLDAP
Cloud Directories
Microsoft Entra ID Google Workspace Okta Ping JumpCloud OneLogin
Productivity
Microsoft 365 Google Workspace Notion Zoho Workplace Slack Clickup
AI Tools
ChatGPT (OpenAI) Claude (Anthropic) Microsoft Copilot Google Gemini Perplexity AI
ZTNA & VPN
Cisco Palo Alto Networks Fortinet Zscaler Netskope Cloudflare
CRM & Support
Salesforce HubSpot Microsoft Dynamics Zoho CRM Zendesk Freshworks
Remote Tools
Microsoft Remote Desktop Citrix Omnissa Horizon (VMware Horizon) TeamViewer AnyDesk
Supported Devices
Windows macOS iOS Android iPadOS Linux Chromebook

AuthN integrates with tens of thousands of apps in minutes. Not sure if your application is covered? Let's check.

Let's check →
The Benefits

Everything you gain the moment you deploy MFA 2.0.

AuthN by IDEE delivers results from day one — for security, for compliance, and for the people who depend on it.

01
Prevents all account takeovers
There's nothing to steal. No credential exists. No code to intercept. No factor to replay. Phishing, AiTM, MFA fatigue, credential stuffing. All structurally impossible. That's not a claim. That's the architecture.
02
Transitive trust across the full user lifecycle
The cryptographic chain is unbroken from registration through authentication, authorization, and adding new devices. No gaps. No assumptions.
03
Zero PII stored. GDPR and CCPA compliant by architecture
Biometrics stay on the device. No personal data is transmitted or stored. Compliance is built into how AuthN works..
04
MFA 2.0 available on managed and unmanaged devices
No MDM enrollment required for unmanaged devices. No agents. No hardware. MFA 2.0 for your entire workforce, whatever device they use.
05
Post-quantum ready
AES-256-Bit & ECC-512 encryption. Post-quantum cryptography using NIST ML-KEM hybrid mechanisms. This is security by design.
06
99.99% uptime, and your team keeps working even if we go down
Hosted on georedundant AWS infrastructure with a 99.99% uptime SLA. Zero outages in five years. Offline login means your users authenticate even without IDEE connectivity, with a tested RTO of 6 minutes.
Case Studies

Security that works
in the real world.

From overnight breach recovery to enterprise-wide rollouts — AuthN by IDEE is deployed where failure is not an option.

Financial Services
Deka Bank — Germany's Leading Financial Securities Provider
One of Germany's largest financial institutions needed authentication that could meet the highest regulatory standards without burdening their users. AuthN by IDEE delivered SaaS passwordless MFA — phish-proof from day one, zero PII stored, deployed without disruption.

"IDEE GmbH offers a new way of thinking for securing digital identities with best-in-class security, privacy and usability." — Stefan Hachmeister, Head of Capital Markets
Manufacturing
Pharmaceutical Contract Manufacturer — 5,000 Users, One Device
A global pharmaceutical contract manufacturer needed MFA across a large, distributed workforce — without additional hardware, without additional software, and without a lengthy rollout. AuthN deployed single-device MFA for 3,000 users with no disruption to daily operations and no IT overhead per user.
Cyber Insurance
International Beverages Co-op — Phish-Proof for Cyber Insurance
An international beverages cooperative needed to qualify for comprehensive cyber insurance coverage — which required demonstrable, phish-proof MFA. AuthN by IDEE met the insurer's requirements and protected every access point across their distributed workforce, making them both insurable and secure.
Post-Breach Recovery
Udo Gärtner — Back to Full Security Overnight
Following a Microsoft 365 breach, Udo Gärtner needed to restore secure access fast — without rebuilding their entire infrastructure. AuthN by IDEE was deployed overnight. By morning, every user was authenticated with phish-proof MFA and the entire attack surface that enabled the breach was gone.
Accessibility

MFA has an accessibility problem. We fixed it.

Requiring a second device to authenticate isn't just inconvenient — for millions of people with disabilities, it's a barrier to access. True MFA 2.0 is secure and inclusive by design.

Motor & physical disabilities

Picking up a phone, unlocking it, opening an app, and reading a code — all while your primary device is waiting — is not possible for people with tremors, limited dexterity, limb differences, or paralysis. Push notification timeouts make this worse: approve within 30 seconds or start over.

Visual impairments

Reading a 6-digit TOTP code from a physical token or a small phone screen is a significant challenge for people with low vision or blindness. Authenticator apps have inconsistent screen reader support. The 30-second expiry window adds time pressure that assistive technology cannot always keep pace with.

Cognitive & neurodivergent

Switching attention between two devices, memorising a code, and transcribing it within a time limit is precisely what cognitive disability makes difficult. For people with ADHD, dyslexia, or memory impairments, this multi-step process under time pressure creates anxiety and repeated login failures.

WCAG 2.2 — Accessible Authentication

Transcribing a TOTP code is a cognitive function test. WCAG 2.2 prohibits it at Level AA.

Success Criterion 3.3.8 (Level AA) of WCAG 2.2 — the standard referenced in EU and US accessibility law — states that authentication must not require a cognitive function test unless an alternative is available. Reading a 6-digit code from a second device and transcribing it within 30 seconds is precisely that: a memorisation and transcription task.

Any organisation deploying TOTP-based or second-device MFA as their only authentication option is likely non-compliant with WCAG 2.2 AA — which is the de facto standard in EU and US accessibility enforcement.

EU — Directive 2019/882 (European Accessibility Act)

In force from 28 June 2025 for new services. Covers e-commerce, banking, telecoms, and electronic identification services. Digital services must meet EN 301 549, which incorporates WCAG and extends accessibility requirements to biometric and authentication interactions.

US — ADA Title III & Section 508

Section 508 mandates accessible ICT for federal agencies. ADA Title III applies to private businesses — courts have extended it to digital services, with WCAG 2.1 AA as the de facto compliance standard in settlements. Over 2,500 ADA digital accessibility lawsuits were filed in 2024 alone.

UN CRPD — Article 9

The UN Convention on the Rights of Persons with Disabilities obliges signatory states to ensure that persons with disabilities can access information and communication technologies on equal terms. Digital authentication barriers may constitute a rights violation under ratified national law.

How AuthN by IDEE addresses this

Same-device MFA removes the accessibility barrier entirely — without compromising security.

No second device to pick up, hold, or operate — authentication happens on the device already in use.
No code to read, memorise, or transcribe — eliminates the cognitive function test that WCAG 2.2 prohibits.
Uses biometric verification (fingerprint or face) built into devices — designed with accessibility in mind by OS vendors.
No time pressure — there is no expiring code, no push approval window to beat.
Works with assistive technologies already installed on the user's device — screen readers, switch access, voice control.
Supports offline login — no dependency on mobile signal, which is a critical gap for users in low-connectivity environments.

Security and inclusion are not in tension. When you remove the second device, you remove the attack surface and the access barrier at the same time.

Talk to our team

Authenticate with Confidence.
Start with MFA 2.0, today.

Your users can't be phished. Your credentials can't be stolen. And you can be live in minutes.

Start Free 14-Day Trial