PLATFORM · MFA

Simplified Multi-Factor Authentication
for all your infrastructure

Protect Active Directory, Windows, Linux, Radius Infrastructure and Databases.

Sign up freeGet in touch
AD
Agentless deployment
Biometric MFA
Conditional access policies
Privileged access management
Radius / TACACS+ support
WINDOWS + ACTIVE DIRECTORY

Works Natively with AD

AuthNull MFA works natively with on-premise Active Directory without having to sync and authenticate against a separate identity infrastructure — authenticate Windows or AD-connected Linux hosts directly on the AD infrastructure.

Use On-Prem AD without account syncing
AuthNull can directly authenticate your Windows endpoints against Active Directory without the need to sync accounts.
Agents and Agentless MFA Support
AuthNull supports both agent and agentless MFA for Windows endpoints, giving you full deployment flexibility.
Talk to an expert
Active Directory Domain Services
Before You Begin
Installation Type
Server Selection
Server Roles
Features
AD DS
Confirmation
Results
Active Directory Domain Services
AD DS stores information about users, computers, and other devices on the network.
✓ Agent-based support
✓ Agentless support
✓ No account syncing required
✓ Windows + Linux AD endpoints
LINUX + AD / LOCAL ACCOUNTS

MFA for Linux + AD or Local Accounts

Drop-in PAM module replaces passwords with biometric MFA on every Linux box. SSH sessions are recorded, scoped, and time-bound by policy.

Active Directory Passwordless 1FA or MFA
AuthNull enables Active Directory lookup for Passwordless 1FA or MFA on Linux machines.
Local user Passwordless 1FA or MFA with Breakglass support
AuthNull provides support for local user passwordless 1FA or MFA with Breakglass support for emergency access.
Talk to an expert
SSH · SUDO · PAM Modules
Linux — Live Session
nicole@laptop:~$ ssh prod-db-01
→ MFA challenge sent to phone
→ approved
Last login: Tue 14:02 from 10.4.2.18
session recording: on · ttl: 4h
sudo visudo
✓ AuthNull PAM module active
breakglass: enabled
RADIUS / TACACS+

MFA for Radius / TACACS+ Authentication

AuthNull works with Radius – 802.1x and TACACS+ Authentication out of the box, securing VPN, WiFi, and network device access with a lightweight bridge — no infrastructure changes required.

Works with Radius – 802.1x / TACACS+ out of the box
AuthNull works with Radius – 802.1x / TACACS+ Authentication without complex infrastructure changes.
Uses a Radius Bridge
AuthNull uses a Radius Bridge to introduce MFA against Radius servers, making deployment fast and non-disruptive.
Talk to an expert
Corporate Network
💻
RADIUS CLIENT
🗄️
RADIUS SERVER
🗄️
ACTIVE DIRECTORY
# radius bridge
vpn.corp → push MFA
wifi.corp/staff → biometric
802.1x → TACACS+ bridge active
AGENT / AGENTLESS

Agent and Agentless MFA for Active Directory

For Active Directory, AuthNull supports both agent and agentless MFA — giving security teams the flexibility to deploy without touching every endpoint.

Agentless
Does not need any client-side installs on endpoints or devices. MFA is enforced at the network and protocol layer.
Agent-based — how does this work?
Uses Windows custom authenticators / log on providers to deliver MFA. For Linux, custom PAM modules handle enforcement.
Talk to an expert
AuthNull · Deployment Mode
Agentless
No client installs · Network-level MFA enforcement
Agent-based
Custom logon provider · PAM module for Linux
Windows: custom logon provider
Linux: PAM module
AD: agentless DC bridge
DATABASE MFA

Database MFA

AuthNull uses a database proxy to deliver MFA to the database — protecting analyst access, privileged users, and AI agents from unauthorized queries.

Supports open source databases
Supports PostgreSQL, MySQL, and MariaDB out of the box with a lightweight proxy requiring no application changes.
How does this work?
AuthNull uses a database proxy to deliver MFA. Ideal for scoped read-only access to analysts and blocking unmanaged AI agents.
Talk to an expert
postgres-prod / connections● live
nicole ● active 4h ttl
diego ● active 2h ttl
llm-rag ● blocked no MFA
proxy: authnull-db-proxy:5432
audit: all queries logged
engines: PostgreSQL · MySQL · MariaDB

Compare MFA Solutions

DuoSecret Double OctopusSilverfortAuthNull
Native support for AD
Not supported
Not supported
Natively supported with agentless approach
Natively supported with Agentless and Agent-based
Radius
Natively supported
Natively supported
Natively supported
Natively supported
Conditional access
Natively available
Not supported
Supported
Supported
Database privileged users
Not available
Not available
Not available
Available
Entra ID
Supported as external authenticator method
Not supported
Supported
Support available soon
Authenticator methods
Duo Push, passcodes, tokens, biometrics, security keys
FIDO based authenticators
Custom App
Custom App
Windows logon
Custom authenticator
Custom authenticator
No custom authenticator
Both — custom and non-custom authenticator
Starting cost
$$ · Few hundred dollars
$$ · Few hundred dollars
$$$$ · Tens of thousands of dollars
$$ · A few hundred dollars

Setup a Demo

Meet with our team to explore your needs, learn how AuthNull mitigates risk, and see a product demo.

Protect your legacy and modern infrastructure
Rollout MFA quickly and easily
Leverage our AI co-pilot to help reduce the operational burden
Talk to an expert