On-Prem Identity Provider
MagicEndpoint IdP is deployed entirely inside the isolated network. No external connectivity is required for authentication or policy synchronization.
M AIR-GAPPED SECURITY
MagicEndpoint delivers passwordless multi-factor authentication for environments without Internet connectivity, phones, or cloud IdPs. It extends Zero Trust to isolated systems ensuring identity assurance from power-on to shutdown, with no user action after endpoint login.
Why CISOs deploy MagicEndpoint in Air-Gapped Networks
Offline MFA – No External Dependency
Operates entirely on-premises. No SaaS, no push notifications, no external authorization calls. All trust is established locally within the isolated network.
Strong Authentication Under Isolation
Supports TPM/PIN, PIV smartcards, or BLE tablet authenticators for hardware-rooted identity verification-without mobile devices.
Continuous Trust Across Sessions
Once the endpoint is logged in, all subsequent authentication to RDP, SSH, LDAP, or legacy apps happens automatically, maintaining Zero Trust without user prompts.
Unified Policy and Audit Control
Centralized management for policy, key rotation, and audit reporting all maintained within the air-gapped boundary to meet CMMC and FIPS compliance.

MagicEndpoint IdP is deployed entirely inside the isolated network. No external connectivity is required for authentication or policy synchronization.
Each user/device pair generates a unique key pair secured in TPM. The private key never leaves the device and cannot be duplicated, ensuring cryptographic assurance at the hardware level.
After endpoint login, authentication flows silently to authorized resources using persistent trust signals and session-bound cryptographic validation.
Integrated encryption and access control for USB or external drives (FIPS 140 validated), with full policy enforcement and audit trail for compliance.
Addresses all authentication and encryption controls relevant to Controlled Unclassified Information (CUI) protection and continuous verification.
Meets AAL3 standards for hardware-based authentication without Internet dependency; ensures policy-bound trust in isolated systems.
Ensures cryptographic modules used for key management and removable media encryption meet federal certification requirements.
