Portnox
Spin up our cloud RADIUS service & unlock powerful zero trust network authentication.
All of the advantages of RADIUS plus full-fledged zero trust NAC for distributed environments.
Fast, frictionless ZTNA that users will love and security teams can trust.
Keep security auditors off your back with cloud TACACS+ / AAA Services.
Leverage all of the critical zero trust features of the Portnox Cloud in one unified solution.
Product Features
Feature
RADIUS
RADIUS
NAC
NAC
ZTNA
ZTNA
Universal Zero Trust
UAC
Wireless, wired, VPN access
Anti-flood protection services
RadSec support
RADIUS forwarding rules (eduroam support)
Role-based authentication
MAC authentication bypass
Account lifecycle synchronization
Passwordless authentication
Certificate authority services
$1 / device
SAML 2.0 authentication services
OpenID Connect
RADIUS
NAC
ZTNA
UZT
Wireless, wired, VPN access
Anti-flood protection services
RadSec support
RADIUS forwarding rules (eduroam support)
Role-based authentication
MAC authentication bypass
Account lifecycle synchronization
Passwordless authentication
Certificate authority services
$1 / device
SAML 2.0 authentication services
OpenID Connect
802.1X authentication
Dynamic VLAN / ACL assignment
Portnox AgentP
Agentless posture assessment
Continuous endpoint risk & posture assessment
Policy enforcement & automated remediation
Audit tracking & logging
Agentless remote access
Split tunneling
SSL offloading
Digital experience monitoring (DEX)
Secure SaaS application access (CASB)
Secure access to on-prem applications
Application specific risk profiles
IP geo restrictions to SaaS & hosted applications
RADIUS
NAC
ZTNA
UZT
802.1X authentication
Dynamic VLAN / ACL assignment
Portnox AgentP
Agentless posture assessment
Continuous endpoint risk & posture assessment
Policy enforcement & automated remediation
Audit tracking & logging
Agentless remote access
Split tunneling
SSL offloading
Digital experience monitoring (DEX)
Secure SaaS application access (CASB)
Secure access to on-prem applications
Application specific risk profiles
IP geo restrictions to SaaS & hosted applications
Guest accounts
Up to 100 guests per day
Self-onboarding for guests
Sponsor-based onboarding
SMS-based onboarding
RADIUS
NAC
ZTNA
UZT
Guest accounts
Up to 50 guests per day
Up to 50 guests per day
Self-onboarding for guests
Sponsor-based onboarding
SMS-based onboarding
Role-based access policies
Location-based policies
Change of Authorization (CoA)
Device access geo restrictions
RADIUS
NAC
ZTNA
UZT
Role-based access policies
Location-based policies
Change of Authorization (CoA)
Device access geo restrictions
Monitoring-only mode
Archived devices data retention
14 days
45 days
30 days
60 days
Dynamic group assignment per device type
IoT profiling
IoT device trust
RADIUS
NAC
ZTNA
UZT
Monitoring-only mode
Archived devices data retention
14 days
45 days
30 days
60 days
Dynamic group assignment per device type
IoT profiling
IoT device trust
Intune integration for advanced device properties
Jamf integration for advanced device properties
Crowdstrike integration for advanced device properties
SentinelOne integration for advanced device properties
RADIUS
NAC
ZTNA
UZT
Intune integration for advanced device properties
Jamf integration for advanced device properties
Crowdstrike integration for advanced device properties
SentinelOne integration for advanced device properties
Onboarding services
Device provisioning services
Certificate enrollment services
RADIUS
NAC
ZTNA
UZT
Onboarding services
Device provisioning services
Certificate enrollment services
RADIUS proxy - local failover
Multi-regional redundancy
TACACS+ / AAA
1 admin / 100 devices
2 admin / 200 devices
1 admin / 100 devices
3 admin / 300 devices
SIEM
On prem/SaaS
On prem/SaaS
On prem/SaaS
On prem/SaaS
MFA admin access (w/ SMS)
MFA admin access (w/ Authenticator App)
RESTful API
Entra (Azure) AD/Google Workspace/Active Directory
Okta
Extended device data retention
Add 30 days – 99¢ / device / year
Each additional 30 days – 99¢ / device / year
Add 30 days – 99¢ / device / year
Each additional 30 days – 99¢ / device / year
24x7x365 Support
Priority One Issues*
Priority One Issues*
Priority One Issues*
Priority One Issues*
Community Support
RADIUS
NAC
ZTNA
UZT
RADIUS proxy - local failover
Multi-regional redundancy
TACACS+ / AAA
1 admin / 100 devices
2 admin / 200 devices
1 admin / 100 devices
3 admin / 300 devices
SIEM
On prem/SaaS
On prem/SaaS
On prem/SaaS
On prem/SaaS
MFA admin access (w/ SMS)
MFA admin access (w/ Authenticator App)
RESTful API
Entra (Azure) AD/Google Workspace/Active Directory
Okta
Extended device data retention
Each additional 30 days – 99¢ / device / year
Add 30 days – 99¢ / device / year
24x7x365 Support
Priority One Issues*
Priority One Issues*
Priority One Issues*
Priority One Issues*
Community Support
Extended guest package (50)
Additional SMS package (1000)
TACACS+ / AAA
RADIUS
NAC
ZTNA
UZT
Extended guest package (50)
Additional SMS package (1000)
TACACS+ / AAA
Optional
Gain access to all of Portnox’s tools!
Subscription terms are available in 12, 24, and 36 months. Additional discounts are available for terms longer than 12 months.
Yes, please contact Sales for information on volume discounts that may be applicable to you and your organization.
Absolutely! Not only is it possible, it is also how most customers deploy Portnox in their environments.
We strive to ensure that you have the absolute best possible onboarding experience, regardless of which package you may purchase. However, some organizations may need some additional assistance or maybe don’t have time to invest in configuring a zero trust access control solution. If you require additional onboarding assistance, please contact our sales department. They can help you determine what is the best onboarding tier for your needs.
Yes. Portnox provides special educational discounts for qualifying K-12 and higher education institutions. Please contact Sales for more information.
Yes. Portnox Cloud RADIUS is deployed globally with high availability and low latency in mind. RADIUS servers are available across multiple continents, ensuring optimal performance and compliance for organizations worldwide.
Server regions include:
This geographic distribution supports compliance with data residency requirements and delivers high-speed authentication responses regardless of user or device location.
No. Portnox’s cloud RADIUS is just that – fully cloud-native, and can be deployed at scale directly through the platform without needing any additional hardware to be installed on-site.
Today, users can integrate Azure Active Directory and Microsoft Active Directory with Portnox RADIUS. The Portnox Cloud also boasts its own proprietary directory should you not currently utilize one of these services.
Relying on the IEEE 802.1X authentication protocol, Portnox RADIUS offers role-based authentication and MAC Authentication Bypass (MAB) as standard authentication options. The solution also offers account lifecycle synchronization out-of-the-box.
Absolutely! Thanks to our innovative IoT fingerprinting, we can identify over 260,000 unique IoT devices across 27,000 different brands with more being added daily. We use a variety of methods including MAC address clustering and DHCP gleaning, along with our new SaaS-based DHCP listener to quickly and accurately identify all of the devices on your network.
Yes. Portnox Cloud allows customers to leverage our multiple RADIUS servers deployed in different geographic regions of the world. Alternatively, we provide an optional Local RADIUS instance that customers can deploy on-prem or in their private cloud to provide an additional level of redundancy. Portnox Cloud can also be used as a RADIUS proxy for services such as eduroam.
Portnox supports key aspects of zero trust:
Portnox provides access control enforcement across wired, wireless, and VPN access layers.
Several unique features give Portnox the edge above other NAC solutions. Specifically continuous risk assessment and remediation allows your IT team to keep unprotected devices quarantined or off the network entirely. Risk posture is continuously evaluated, so any changes to the device are detected and acted upon quickly.
Also our innovative approach to IoT fingerprinting gives you a complete picture of what devices are lurking on your network that you may not be aware of. And finally, our cloud-based, vendor agnostic platform means you will be able to control access for all your devices without leaving anything unprotected because it doesn’t work with a more traditional, vendor-specific solution.
Absolutely! Portnox Cloud integrates directly with 3rd party solutions such as Microsoft’s inTune to agentlessly assess the device’s compliance state prior to granting the device access to the network. Noncompliant devices can optionally be granted limited access to a quarantine or remediation VLAN where typically access is restricted only to resources necessary to bring the device back into compliance.
Portnox’s Cloud API is a RESTful endpoint documented in Swagger. This API is leveraged by customers to automate allows customers to automate routine tasks, such as adding MAC Addresses to a MAB account, Portnox Cloud supports all common CRUD (Create Read Update Delete) for devices, accounts, NASs, and sites.
Portnox ZTNA is cloud-native, passwordless, agentless, and clientless. Unlike VPNs, it doesn’t tunnel traffic or require endpoint software. It enables direct, policy-based access to apps without compromising user experience or security.
Nope! Portnox’s lightweight AgentP is optional, but not required. ZTNA can be run agentless, which means users can connect securely without installing anything extra—reducing friction and IT overhead.
Every access attempt is evaluated in real time. Portnox checks device posture (e.g., OS version, endpoint protection, encryption) before granting access. Non-compliant devices are blocked or guided through automated remediation.
Yes. Portnox ZTNA provides secure remote access to cloud and on-prem apps—without the latency, maintenance, or security risks of VPNs.
Yes. It uses certificate-based authentication to eliminate the need for usernames and passwords—protecting users from phishing and credential theft.
Each TACACS+ license entitles you to one TACACS+ user and 100 TACACS+ devices. To determine which license size you need, simply count the number of TACACS+ users in your organization who will be accessing TACACS+ capable devices, such as switches, routers, etc. Then multiply that number by 100. If that number is less than the total number of TACACS+ capable devices, than take the total number of TACACS+ devices and divide by 100. This will give you the total number of TACACS+ licenses you will need to cover your environment.
