1Key

The Unified Zero Trust Platform

Tap anywhere to explore

Secure Your World, Seamlessly.

One platform replaces nine. Select a category to explore enterprise-grade Zero Trust deployments.

Multifactor Auth

MFA²

Next-gen passwordless and multi-factor authentication spanning the entire tech stack.

Explore
Web Security

Shield

Real-time threat protection, deep packet inspection, and web filtering mapped to your fleet.

Explore
Endpoint Control

Guard

Deep endpoint telemetry, posture assessment, and compliance enforcement across your enterprise.

Explore
Remote Operations

Badger Den

Take control: remote desktop, SYSTEM PowerShell, registry, packet capture, and event logs — with no third-party tools.

Explore

There are defining moments when a single product fundamentally rewrites the rules. It strips away years of complexity, shifts our entire perspective, and changes how we look at the boundaries of what is possible.

That is 1Key.

One Platform. Nine Tools Retired.

1Key is engineered to eradicate tool sprawl. Here is exactly what the Badger suite replaces, out of the box.

Okta / Duo 1Key Identity
CrowdStrike / SentinelOne Badger Guardian
Zscaler / Cisco Umbrella Badger Shield
TeamViewer / AnyDesk Badger Den
Jamf / Intune 1Key MDM
ConnectWise / Kaseya Badger Fleet
Palo Alto GlobalProtect 1Key ZTNA
Wireshark / SolarWinds Badger Wire
Standalone ADA Tools 1Key Accessibility

Advanced Capabilities.

Beyond standard Zero Trust — built natively into the platform.

Local AI Vision

Shoulder-Surfer Detection (UEBA)

Badger Guard runs webcam frames through a local neural network to flag unauthorized onlookers and behavioral anomalies — on-device, privacy-preserving, with no cloud upload.

For MSPs & Channel

Multi-Tenant & White-Label

Built for Managed Service Providers. Switch between client tenants instantly with full data isolation, and re-brand the entire platform — console, agents, and block pages — as your own.

Accessibility

ADA-Compliant Remoting

Uncompromising accessibility built into the remote session. Administrators can remotely orchestrate high-contrast modes, precision DPI scaling, narrator toggles, and screen magnification.

Contextual Trust

Geo-Fencing & Impossible Travel

GPS access zones, IP restrictions, and time-window scheduling. Logins from unexpected locations — or at physically impossible travel velocity — are blocked before they ever reach a user.

Identity & Access.

Where are you authenticating identity?

Windows

Server / Workstation

Secure local desktop rendering and offline-capable authentication.

Explore
Web Applications

Enterprise SSO (SAML & OIDC)

Frictionless single sign-on access scaling seamlessly across your connected cloud and SaaS applications.

Explore
Remote Access

ZTNA Tunnels

Identity-bound, clientless zero trust network access bridging securely into your infra.

Explore
Legacy Infrastructure

RADIUS / LDAP Gateways

Modernize your existing VPNs and legacy firewalls with step-up biometric MFA without altering core configs.

Explore

Seven Authentication Factors.

The most diverse factor library in Zero Trust — pick what fits each risk context.

Push Approval
Dynamic QR
Passkeys (FIDO2)
TOTP Codes
Voice — Raven Key
Visual — BAT Key
Ultrasonic — Dolphin Key

Unified OS Architecture.

A single ecosystem governing the entire local hardware lifecycle.

At the Lock Screen

Unlocking the Computer

Before Windows ever loads, Badger Gate intercepts the login screen, demanding an encrypted MFA push from your phone before granting access to the system.

Explore Feature
1 Unified OS Agent
While Working

Inside the Desktop Session

Once you are successfully logged in, Badger Guard operates silently in the background continuously monitoring device posture, web traffic, and enforcing enterprise compliance.

Explore Feature

Badger Gate Deployments.

Select a demonstration sequence for Workstation Pre-Login.

Push Approval

Push Approval

Frictionless workstation login via targeted push notifications.

Explore
Dynamic QR Code

Dynamic QR

Scan-to-login for shared workstations, ensuring zero local data trace.

Explore

Badger Guardian Deployments.

Select a demonstration sequence for Workstation Post-Login.

Push Approval

Push Approval

Enterprise MFA gateway for sensitive applications inside the OS.

Explore
Dynamic QR Code

Dynamic QR

Offline and high-security step-up MFA authentication via dynamic QR.

Explore

Badger Gate: Push Approval

True Passwordless Workspace Authentication powered by Device Context.

Badger Gate Push Demo

True Passwordless (PIN or No PIN)

Eliminate credential theft. Employees approve logins directly from their mobile devices using native biometric integration (FaceID / TouchID). Require a custom PIN only when security contexts dictate.

Geo-Fencing & Impossible Travel

Built-in Zero Trust intelligence automatically blocks Push Requests originating from unexpected geographical locations or instances where travel velocity is physically impossible.

Computer Telemetry Checks

Authentication is gated by real-time hardware posture checks. If the origin requesting device fails AV compliance or OS patching standards, the Push is never generated.

Badger Gate: Dynamic QR

Secure Shared Kiosk Access with Zero Trace Credentialing.

Air-Gapped Access

Authenticate even when the workstation is completely offline using time-based cryptographic QR sequence negotiation.

Kiosk & Healthcare Ready

Perfect for shared nursing stations or factory floors. Scan the screen securely from a trusted mobile endpoint to instantly inject your profile seamlessly.

Badger Guardian: Push Approval

Granular Step-Up Authentication for High-Risk Actions.

Privileged Context Gating

Trigger a secondary 1Key Push Approval before users attempt to escalate privileges, uninstall critical software, or execute restricted remote commands.

Session Lockdown

Any failure or denial of a Guardian Push immediately locks out the active terminal, terminating malicious lateral movement.

Badger Guardian: Dynamic QR

Offline Administrative Escalation Made Simple.

Air-Gapped Admin Access

Administrators can securely elevate privileges on disjointed or air-gapped domain controllers specifically by validating a cryptographic QR on their mobile device.

1Key Identity: Enterprise SSO

Extend your native desktop authentication directly into your cloud architecture.

Enterprise SSO

SAML 2.0 & OIDC Identity Provider

Seamlessly integrate your existing enterprise SaaS applications like Salesforce, M365, and Slack behind a singular, impenetrable authentication identity.

SCIM 2.0 Directory Sync

Automatically provision and deprovision users from Azure AD, Google Workspace, and JumpCloud without lifting a finger.

Passwordless Passkey Synchronization

Allow your users to authenticate using WebAuthn/FIDO2 credentials (like Face ID or Windows Hello) that sync securely across their devices.

Remote Access: ZTNA Tunnels

Identity-bound, clientless zero trust network access bridging securely into your infra.

Zero Trust Tunnels

Deep TCP Reverse Tunneling

Broker secure, end-to-end encrypted connections to your internal infrastructure without exposing legacy VPN ports to the public internet.

Posture Compliance Gates

Automatically deny network tunnel generation if the requesting machine has disabled its local Antivirus or Firewall, guaranteeing a clean network perimeter.

Live Unified Dashboard

Visualize real-time throughput, individual TCP socket states, and orphaned tunnels instantaneously from the centralized administration console.

Just-In-Time (JIT) Access

Time-boxed, approval-gated access with risk scoring and auto-approve policies. Grants expire automatically with live countdown timers — standing access becomes a thing of the past.

Legacy Gateways: RADIUS/LDAP

Modernize your older infrastructure instantly via protocol interception.

RADIUS / LDAP Gateway

Zero Configuration Friction

Point your existing Cisco, Palo Alto, or Fortinet VPNs at the 1Key RADIUS proxy to instantly enforce step-up biometric MFA without altering your core firewall configurations.

Legacy TOTP Compatability

Automatically ingest and process legacy Google Authenticator or Authy TOTP codes, ensuring a frictionless migration path for your existing userbase.

Badger Shield: Web Security

DNS and HTTPS Deep Packet Inspection deployed directly at the endpoint.

Web Filtering Engine

Dual-Stack DNS & WFP Control

Intercept and filter network traffic dynamically using native Windows Filtering Platform hooks alongside localized DNS proxies, preventing bypassing via DoH or IPv6 manipulation.

HTTPS Cert Interception

Automatically generate localized Root CAs to intercept, decrypt, and serve fully white-labeled, branded block-pages even on TLS-encrypted traffic.

Corporate Rule Presets

Quickly deploy sprawling web filtering restrictions leveraging over 150+ dynamically categorized threat lists, or allow users to self-service "Request Access" via the block page.

Badger Vault — Data Loss Prevention

Endpoint TLS interception with custom regex DLP rules. Flag and censor sensitive data in motion, with per-domain bypass rules and instant policy-violation alerts.

Badger Guard: Endpoint Control

Deep localized telemetry and mandatory posture compliance analysis.

Endpoint Telemetry

Expansive WMI/COM Telemetry

Collect and monitor over 30 deeply embedded security and hardware attributes in real-time, tracking everything from BitLocker health to active visual monitor connections.

Vulnerability Auto-Restrictions

Automatically sever application tunneling and limit network access instantly if the local endpoint triggers a zero-day vulnerability alert or degrades its firewall posture.

Stolen Device Kill-Switch

Remotely inject a Session 0 lock command instantly from the admin console, or violently terminate all inbound network pipelines by flagging the hardware as stolen.

Remote Ops: Badger Den

Investigate, fix, and control any managed endpoint right from the browser — without a single third-party tool.

Remote Operations Suite

Remote Control & Screen Share

Full remote desktop with multi-monitor support, file clipboard, session recording, mobile touch control, and a blank-screen privacy mode for working on live machines unobtrusively.

Remote PowerShell — Ferret Shell

Run live PowerShell as SYSTEM on any endpoint with streaming output and full command history. No inbound ports, no exposed RDP — just an authenticated, audited session.

Built-in Packet Capture — Badger Wire

Your own Wireshark, in the browser. Real-time capture with a 3D network topology, protocol decode (TCP, UDP, DNS, HTTP, TLS), automated credential-carving detection, Geo-IP lookup, and PCAP/CSV export.

Remote Registry Editor

Browse and edit the full Windows registry (HKLM, HKCU, HKCR, HKU, HKCC) remotely — create, modify, and delete keys and values with search and direct-path navigation.

File Explorer & Transfer

Navigate the remote filesystem, push and pull files, and jump straight to Desktop, Documents, Program Files, Windows, and Temp with one-click shortcuts.

Remote Event Viewer

Stream Windows event logs — System, Application, Security, Defender, PowerShell, and Task Scheduler — with severity and time-range filtering for instant triage.

Module Coming Soon

Our engineering team is actively finalizing the interactive features for this module. Check back shortly to explore its deeply integrated capabilities!

1Key Assistant

Welcome! How can I help you explore 1Key today? Try asking about "SSO" or "Workstation Login".