A new approach to cybersecurity
For Business → ProtectionGrid For Large Corporates → ProtectionGrid For Law Enforcement → Intelligence For Governments → Intelligence
Home / ProtectionGrid / AppShield
AppShield · Part of ProtectionGrid

Zero-Trust access
for every app.

What attackers can't see, they can't hack. AppShield protects your applications and controls every single access. Easier than any VPN. More secure either way.

See pricing See how it works →
The VPN problem

All-or-nothing? Not anymore.

With a VPN, critical apps like CRM or ERP are reachable for every connected user. AppShield grants access only when user, device and context match. Granular. In real time.

Unauthorized
Attacker
Verified
Employee
AppShield
Attacker ✕ Blocked
Employee ✓ Access granted
Internal app
CRM · ERP · Wiki
Hidden from the internet.
Visible only to authorized users.

Apps stay hidden until permission matches.

Classic VPN

The all-or-nothing problem.

  • Once connected, every user can see every app on the network
  • Lateral movement after a single compromise is trivial
  • Difficult to set up, harder to maintain, ongoing user friction
  • No granular control over user, device or context
  • Performance overhead for every connection
AppShield

Zero-Trust by design.

  • Each app individually protected — only authorized users see it
  • No lateral movement possible — apps are isolated by default
  • Operational in minutes via DNS — no client install required
  • Granular rules per user, group, device, country, time
  • Continuously verified context, not just at login
AppShield

Complete app protection. No compromises.

1

Make apps invisible

Attackers can't hack what they can't find. AppShield hides your applications completely until permission matches.

2

Set access in minutes

Define the target address, set the rules, done. Access via the identiqa app: simple, secure, no VPN required.

3

Granular control

Per user, group, device. Rules apply in real time and check the context automatically.

4

Comprehensive defense

Activate advanced protection: data loss prevention, session control, anomaly detection. Protected on every layer.

Pricing

Strong protection. Small price.

AppShield can be tailored to every backend app and every need. Choose the plan that fits.

Core
The ideal entry point for reliable protection of your apps.
€49/mo
Sign up
  • Up to 5 ProtectedApps
  • Up to 50 users per app
  • Aura Core Security & DNSSEC
  • Standard authentication via identiqa.id
Most popular
Pro
For mid-sized organizations needing more apps and tighter controls.
€79/mo
Sign up
  • Up to 25 ProtectedApps
  • Up to 150 users per app
  • Granular rules: groups, geo, device, time
  • SSO with Microsoft, Google & Okta
  • Session control & activity logs
Premium
Enterprise-grade Zero Trust without limits.
€149/mo
Sign up
  • Up to 50 ProtectedApps
  • Up to 250 users per app
  • Data Loss Prevention (DLP)
  • Anomaly detection via Aura AI
  • SIEM integration + audit-ready logs
Customer voices

Customers on AppShield.

Markus
CIO at a financial services firm with 180 employees

We used to run a Cisco VPN that was constantly causing trouble. After switching to AppShield, our internal apps are simply not visible from the outside anymore. Setup was done in an afternoon — and now we have granular rules per role, per country, per device. That's what zero trust should feel like.

Lina
Head of IT at a manufacturing company with 320 employees

Our ERP system was the most sensitive part of our infrastructure — and the most reachable. AppShield made it invisible to anything outside our verified user list. The transition was seamless, and our auditors loved the granular access logs. Six months in, zero incidents.

Michael
Senior System Engineer IT Security at a manufacturer with over 280 employees

The identiqa team knows how to build professional products in network security. You can feel the background from the carrier and Microsoft world, especially from software development. Every product is about perfection — exactly what we're looking for.

FAQ

Good to know. Before you start.

Why is AppShield better than a traditional VPN?
The short answer: AppShield is easier to configure and operate. You define the target address for your backend app, place an AppShield instance in front of it, and your app is protected. Access is controlled simply through users, groups or roles. Your employees can reach the app at any time, while third parties see nothing at all. Unlike a VPN, which exposes your entire network once a user connects, AppShield isolates each app individually.
How granularly can access be regulated?
You can control access to your protected apps with full granularity. Beyond enforcing rules like 2FA or restricting access to authorized countries only, a flexible rule engine gives you many additional options — including device posture, time-of-day, IP reputation, session length, and contextual signals from Aura AI.
Can access be analyzed and reported?
Yes. You can analyze access to your protected apps in multiple ways — both at an aggregate level and on a per-user basis. Logs are exportable to SIEM systems and structured for audit use, including evidence for NIS2 and ISO 27001 reviews.
Which authentication methods are supported?
AppShield works natively through the identiqa Auth app, where users sign in with their identiqa.id login. That login can in turn be coupled with login providers like Microsoft Entra (Azure AD), Google Workspace, or Okta via WebAuth. SAML 2.0 and OpenID Connect are both supported. For high-assurance environments, hardware-backed authenticators (FIDO2, WebAuthn) can be enforced.
Do my users need to install anything?
For most apps, no client installation is required. Users access protected web apps through their browser as usual, authenticating once via identiqa.id. For non-web apps (e.g. database connections, RDP, SSH), a lightweight identiqa Connector is available for Windows, macOS and Linux — much simpler to deploy than a traditional VPN client.
Where is my data processed?
identiqa operates regional clusters in Europe, the US, and additional regions. Each region runs independently, governed by its local entity. EU customer traffic stays within the European legal space. AppShield is fully GDPR-compliant, NIS2-aligned, and built for sovereignty-first operations.
CyberHub portal

Full control. Per app.

All identiqa products are managed centrally through a single dashboard. See every protected app, every active user, every blocked attempt — in real time. Configure rules, review logs, export audit trails, all from one login.

12
Protected apps
847
Verified users
42
Blocked today
CRM Production Active
ERP Backend Active
Internal Wiki Active
Modular protection

Cybersecurity is not a single product.

Combine the modules that fit your IT landscape. Existing customers automatically receive additional discounts.

WebShield
The firewall for your websites and online shops.
From €79/mo
SecureDomain
AI-powered protection for your domains and DNS records.
From €7/mo
WebAuth
Secures your employees' logins against the most common attack vector.
From €9/mo
MailShield
Stops threats in emails before they reach your employees' inbox.
From €79/mo
HybridMail
Distribute mailboxes flexibly between cloud and your own infrastructure.
From €59/mo
All modules
See the complete ProtectionGrid: six modules, one platform, one login.
View all →
Free consultation

Book a consultation.

Leave your details and you'll be able to book a consultation slot directly afterwards. We typically respond within 2 hours — no sales pitch, just a real conversation about your apps, access patterns and security posture.

500+
customers worldwide
< 2h
response time

Get in touch

By submitting this form, you agree to our privacy policy. We'll get back to you within 2 hours during business hours.

500+
customers
CISO as a Service
Want a dedicated point of contact?
Cybersecurity doesn't have to be incomprehensible. With CISO-as-a-Service, you get a dedicated expert who understands the requirements of your business.
Let's go → How it works