Cloud-Native NAC for the Modern Enterprise

Network access control,
reimagined for cloud.

802.1X authentication, dynamic VLAN segmentation, and certificate-based device identity.
All managed from the cloud with your existing identity provider.

npass.io dashboard
EAP-TLS

Auto-provisioned cert

GDPR Compliant

EU data residency

  • 802.1X

    Standards-based Layer 2

  • EU

    Data residency (Frankfurt)

  • < 3 min

    SaaS-powered onboarding

  • Zero-Touch

    Device provisioning

Powerful Features

Everything you need for modern network access control

  • 802.1X Authentication

    RADIUS-based authentication with EAP-TLS, built-in CA, and dynamic VLAN assignment. Automatic fail-VLAN with DNS sinkhole for rogue devices.

  • IdP Integration

    Identity-first onboarding. Federate with Google Workspace or any OIDC-based identity provider. Zero manual identity management.

  • Self-Service Portal

    Users register devices themselves. Profiles and 802.1X certificates install automatically on Windows, macOS, iOS, and Android. No IT tickets needed.

  • Back Office & Audit

    Admin console for policies, user and device lifecycle, real-time health dashboards, and exportable session logs. 2FA-protected admin login.

  • EU Data Residency

    Multi-tenant SaaS running on AWS Frankfurt. EU data residency by design. Per-tenant isolation through dedicated NLBs and isolated database schemas.

  • IP Mobility

    Identity-bound DHCP engine for lifetime IP per employee. Maintain the same IP across sites, floors, and networks seamlessly.

  • Analytics & Audit

    Rule-based anomaly detection, policy violation alerts, and automated risk scoring. Capacity planning reports and structured audit query interface for compliance reviews.

How it works

Three steps for IT
One tap for everyone else

Set up your organization on the Back Office once, and your team self-onboards from a single email.

For Admins

~5 minutes

Set up once. Done.

  • 1

    Sign up

    Create your organization and choose a plan. Start free or pick the tier that fits.

    ~ 2 min
  • 2

    Configure essentials

    Set your organization name, SSIDs, and RADIUS endpoint.
    A handful of fields — that's it.

    ~ 3 min
  • 3

    Add your team

    Invite users manually, or sync via SAML / OIDC for automatic provisioning.

    manual or SSO

For End Users

~30 seconds

Zero learning curve.

  • 1

    Open invitation email

    Receive a secure invite link — or visit the URL the admin shared.

    no app install
  • 2

    Tap "Register this device"

    802.1X profile and EAP-TLS certificate install automatically. Done.

    no IT ticket

From sign-up to first authenticated login : under one hour.

Why npass.io

No Appliance
No Professional services
No Tickets

Same enterprise-grade 802.1X + RADIUS as legacy NAC — without the hardware, the consultants, or the multi-year contract.

  • Traditional NAC

    Hardware-era deployment

    • Hardware appliance to procure, rack, and license

    • Weeks of professional services to stand up

    • Capacity planning and hardware refresh cycles

    • Per-site deployments for multi-location orgs

    • Multi-year contracts and vendor lock-in

From PO to production

months

From sign-up to first login

under 1 hour

Compliance & Security

Transparent about what's in place today, and what's on our certification roadmap.

  • Compliant by design — in place today

    Legal obligations
    • In place
      GDPR

      Privacy-by-design architecture, Art. 13/14 transparency, Art. 28 DPA available on request, Art. 30 records of processing maintained.

    • In place
      NIS2 alignment

      Technical and organizational measures (TOMs) aligned with NIS2 Art. 21 risk management requirements. Incident response procedures documented.

    • In place
      TDDDG / DDG §5

      German telemedia and digital services law: Impressum, cookie consent, and electronic communication requirements fully met.

    • In place
      EU Data Residency

      All customer data hosted in the European Union (AWS Frankfurt, eu-central-1). No data egress outside the EU without explicit customer consent.

  • Certification roadmap

    Independent audits
    • In progress
      ISO/IEC 27001

      Information Security Management System (ISMS) implementation underway. Scope covers Berlin operations and Seoul R&D under a single ISMS.

    • Planned
      BSI C5 Type 2

      German cloud security attestation (ISAE 3000) targeted after ISO 27001 certification, prioritized based on public-sector and regulated customer demand.

    • Planned
      SOC 2 Type II

      AICPA Trust Services Criteria attestation for customers requiring SOC 2 reports. To be pursued in parallel with BSI C5 based on customer portfolio needs.

Early-access transparency. npass.io is in its early-access phase. We are fully compliant with applicable EU and German laws (GDPR, NIS2, TDDDG) today, and we are transparent that independent certifications are on our roadmap rather than already completed. Early-access customers receive our current TOMs documentation, DPA, and a binding commitment to our certification timeline. For detailed sub-processor and security information, see Security & Sub-processors.

Early Access — Invitation Only

npass.io is currently onboarding a limited number of design-partner customers. Plans and pricing are shared privately with invited teams.

Request an invitation

We partner closely with early customers

During our early-access phase we work hand-in-hand with a small group of enterprises to shape the product. Invited teams receive tailored onboarding, a direct line to our engineers, and transparent pricing built around their deployment — not a public rate card.

  • Dedicated onboarding and integration support

  • Custom pricing tailored to your users, sites, and devices

  • Direct access to the engineering team and roadmap

  • EU-hosted and fully GDPR / NIS2 / TDDDG compliant by design

We'll get back to qualified requests within 2 business days.

Ready to modernize your network?

Join our early-access program and help shape the future of cloud-native NAC.