Network access control,
reimagined for cloud.
802.1X authentication, dynamic VLAN segmentation, and certificate-based device identity.
All managed from the cloud with your existing identity provider.
EAP-TLS
Auto-provisioned cert
GDPR Compliant
EU data residency
-
802.1X
Standards-based Layer 2
-
EU
Data residency (Frankfurt)
-
< 3 min
SaaS-powered onboarding
-
Zero-Touch
Device provisioning
Powerful Features
Everything you need for modern network access control
-
802.1X Authentication
RADIUS-based authentication with EAP-TLS, built-in CA, and dynamic VLAN assignment. Automatic fail-VLAN with DNS sinkhole for rogue devices.
-
IdP Integration
Identity-first onboarding. Federate with Google Workspace or any OIDC-based identity provider. Zero manual identity management.
-
Self-Service Portal
Users register devices themselves. Profiles and 802.1X certificates install automatically on Windows, macOS, iOS, and Android. No IT tickets needed.
-
Back Office & Audit
Admin console for policies, user and device lifecycle, real-time health dashboards, and exportable session logs. 2FA-protected admin login.
-
EU Data Residency
Multi-tenant SaaS running on AWS Frankfurt. EU data residency by design. Per-tenant isolation through dedicated NLBs and isolated database schemas.
-
IP Mobility
Identity-bound DHCP engine for lifetime IP per employee. Maintain the same IP across sites, floors, and networks seamlessly.
-
Analytics & Audit
Rule-based anomaly detection, policy violation alerts, and automated risk scoring. Capacity planning reports and structured audit query interface for compliance reviews.
Three steps for IT
One tap for everyone else
Set up your organization on the Back Office once, and your team self-onboards from a single email.
For Admins
~5 minutes
Set up once. Done.
-
1
Sign up
Create your organization and choose a plan. Start free or pick the tier that fits.
~ 2 min -
2
Configure essentials
Set your organization name, SSIDs, and RADIUS endpoint.
A handful of fields — that's it.~ 3 min -
3
Add your team
Invite users manually, or sync via SAML / OIDC for automatic provisioning.
manual or SSO
For End Users
~30 seconds
Zero learning curve.
-
1
Open invitation email
Receive a secure invite link — or visit the URL the admin shared.
no app install -
2
Tap "Register this device"
802.1X profile and EAP-TLS certificate install automatically. Done.
no IT ticket
From sign-up to first authenticated login : under one hour.
No Appliance
No Professional services
No Tickets
Same enterprise-grade 802.1X + RADIUS as legacy NAC — without the hardware, the consultants, or the multi-year contract.
-
Traditional NAC
Hardware-era deployment
Hardware appliance to procure, rack, and license
Weeks of professional services to stand up
Capacity planning and hardware refresh cycles
Per-site deployments for multi-location orgs
Multi-year contracts and vendor lock-in
-
npass.io
Cloud-native, self-serve
Sign up and log in — no hardware, no install
Self-serve setup — no consultants required
Elastic capacity, managed for you on AWS Frankfurt
One tenant covers all sites, anywhere in the EU
Monthly subscription, scale up or down on demand
months
under 1 hour
Compliance & Security
Transparent about what's in place today, and what's on our certification roadmap.
-
Compliant by design — in place today
Legal obligations-
In place
GDPR
Privacy-by-design architecture, Art. 13/14 transparency, Art. 28 DPA available on request, Art. 30 records of processing maintained.
-
In place
NIS2 alignment
Technical and organizational measures (TOMs) aligned with NIS2 Art. 21 risk management requirements. Incident response procedures documented.
-
In place
TDDDG / DDG §5
German telemedia and digital services law: Impressum, cookie consent, and electronic communication requirements fully met.
-
In place
EU Data Residency
All customer data hosted in the European Union (AWS Frankfurt, eu-central-1). No data egress outside the EU without explicit customer consent.
-
-
Certification roadmap
Independent audits-
In progress
ISO/IEC 27001
Information Security Management System (ISMS) implementation underway. Scope covers Berlin operations and Seoul R&D under a single ISMS.
-
Planned
BSI C5 Type 2
German cloud security attestation (ISAE 3000) targeted after ISO 27001 certification, prioritized based on public-sector and regulated customer demand.
-
Planned
SOC 2 Type II
AICPA Trust Services Criteria attestation for customers requiring SOC 2 reports. To be pursued in parallel with BSI C5 based on customer portfolio needs.
-
Early-access transparency. npass.io is in its early-access phase. We are fully compliant with applicable EU and German laws (GDPR, NIS2, TDDDG) today, and we are transparent that independent certifications are on our roadmap rather than already completed. Early-access customers receive our current TOMs documentation, DPA, and a binding commitment to our certification timeline. For detailed sub-processor and security information, see Security & Sub-processors.
Early Access — Invitation Only
npass.io is currently onboarding a limited number of design-partner customers. Plans and pricing are shared privately with invited teams.
Request an invitation
We partner closely with early customers
During our early-access phase we work hand-in-hand with a small group of enterprises to shape the product. Invited teams receive tailored onboarding, a direct line to our engineers, and transparent pricing built around their deployment — not a public rate card.
-
Dedicated onboarding and integration support
-
Custom pricing tailored to your users, sites, and devices
-
Direct access to the engineering team and roadmap
-
EU-hosted and fully GDPR / NIS2 / TDDDG compliant by design
We'll get back to qualified requests within 2 business days.
Ready to modernize your network?
Join our early-access program and help shape the future of cloud-native NAC.