Passwordless authentication & full-disk encryption

Always-On Security. No User Action* *Beyond Endpoint Login

SecureDoc Linux

Onboard Linux remotely. Control encryption centrally.

SecureDoc Linux brings Linux full-disk encryption into a managed operating model, enrollment, ownership, key custody, and recovery from a central administrative layer. Your keys stay with you.

See SecureDoc Linux
Enterprise passkeys

The endpoint is the Passkey.

The endpoint is the Passkey, TPM-bound and non-exportable. Roll out passkeys on the laptops you already manage: one install package, deployment in days.

See the passkey rollout
CMMC 2.0

The evidence your C3PAO inspects.

An endpoint platform mapped control-by-control to NIST SP 800-171, backed by active FIPS 140-3 certificates, multi-user pre-boot authentication, and phishing-resistant MFA for privileged access.

See CMMC coverage
Our products

Authenticate. Encrypt. Achieve.

Secure online access with MagicEndpoint. Protect your endpoints with SecureDoc. Each works independently and together.

Made for your environment:
cloud-hosted, on-premise, or even air-gapped
.

Secure online access

You log in to your device. MagicEndpoint takes over.

MagicEndpoint authenticates identity at the endpoint, before any app is accessed. Every online application inherits it automatically.

No separate credentials. No separate authentication steps.

Explore MagicEndpoint
Encryption

Full disk encryption trusted around the world.

FIPS 140-3 validated full disk encryption for Windows, macOS, and Linux. BitLocker, FileVault, and Opal drives managed from one console.

Your keys stay with you.

Explore SecureDoc
MagicEndpoint

Security or user experience? Both.

Identity attacks succeed because identity lives in layers that can be phished or replayed. We are different by design: we anchor identity in the endpoint's hardware and verify it continuously through a persistent trusted channel.

Phishing

The credential cannot be phished.

MagicEndpoint defines your identity as user × device × conditions, and binds it to the endpoint's TPM. The credential cannot leave the device, so there is nothing to phish, no token to replay, and no prompt to trick.

For your team

no passwords, nothing to forget, fewer help-desk resets.

See how to end MFA fatigue
Hijacks

Always-on verification.

Most authentication is a handshake at the door: prove who you are once, and the system trusts you for hours, never asking again who is on the device. MagicEndpoint verifies the user on the device continuously, for every transaction.

For your team

stolen tokens expire before they can be exploited, and your users never see a single prompt.

Watch the video
Every login

It works with any IAM, for any online access.

Use it as your authentication, your passkey, or an addition to your existing IAM, we run everywhere, even in air-gapped networks. Log in once on the endpoint, and the no-user-action experience follows you anywhere and everywhere online.

For your team

one install package, deployment in days, working alongside your existing controls.

See how it works with your IAM
SecureDoc encryption

Take a simpler approach to data security.

Today, critical data is spread across different locations, making it hard to keep track of. Our endpoint, server, and file encryption solutions protect it, with keys that stay with you.

Explore all encryption solutions
Endpoints

Full-disk encryption

FIPS 140-3 validated FDE for Windows, macOS, and Linux, with pre-boot authentication for Windows and Linux.

Endpoint encryption
Native OS

BitLocker & FileVault, managed

Run native OS encryption under one console, policies, keys, and recovery in one place.

FDE for Windows
Linux

SecureDoc for Linux

Onboard Linux devices remotely and control encryption centrally, with pre-boot network control.

SecureDoc Linux
Beyond laptops

Servers, files & SEDs

Server encryption, file and removable-media encryption, and Opal self-encrypting drives.

Server encryption

Let's talk. Cloud-hosted, on-premise, or air-gapped, we have the right solution for your environment, and the experts to walk you through it.

Talk to an expert
Trusted across public, private, and technology partners

Certified: FIPS 140-2 · FIPS 140-3 · FIDO2 · OPSWAT Platinum Built to support: NIST SP 800-171 · CMMC 2.0 See all certifications →

The future of cybersecurity.

Invented in Canada. Built for the world.

Founded in 1997. Trusted today by governments and enterprises across the world.

5M+
licenses worldwide
80+
countries deployed
29yrs
of data security

FROM THE BLOG

Thinking that’s ahead of the industry.

FAQ

Frequently asked questions

Can I buy MagicEndpoint or SecureDoc separately?

Yes. Each product works independently. MagicEndpoint delivers Zero Trust authentication: Identity First, verify the user at the endpoint with local MFA, and Always Verify, continuously verify the user on the device, in real time, for every online access. SecureDoc's full-disk encryption supports this by establishing the trusted endpoint. Get in touch with our sales team for pricing and licensing, or book a working demo with an engineer.

Is WinMagic FIPS validated?

Yes, for both products. WinMagic holds active FIPS 140-3 certificates #5204 for Windows and #5214 for macOS/Linux, covering the cryptographic modules used by SecureDoc and MagicEndpoint, and has held FIPS validation across all three generations of the standard. See all certifications.

Does WinMagic support CMMC 2.0?

Yes. SecureDoc covers encryption requirements and MagicEndpoint covers NIST SP 800-63C authentication assurance, with out-of-the-box control mapping to NIST SP 800-171 for CUI protection, from assessment to audit evidence on one console. See the CMMC control mapping.

Can WinMagic run on-premise or air-gapped?

Yes. Both products are available as cloud-hosted SaaS or self-hosted on-premise, including air-gapped environments.

keyboard_arrow_up