What is Castle
Castle is Station70's secure TOTP sharing platform. It allows organisations to centrally manage and share time-based one-time passwords (TOTP codes) with teams — with full control over who can access what, and when.
The problem Castle solves
Shared TOTP codes are a common headache for enterprise teams. When multiple people need access to the same 2FA-protected account, organizations typically resort to screenshots, shared password managers, or re-enrollment across devices, all of which create security gaps and operational friction.
Castle eliminates this by giving admins a central place to register TOTP credentials and distribute real-time access to users, with policy controls that enforce approval workflows where needed.
Key Concepts:
| Term | What it means |
|---|---|
| Resource | A single TOTP credential — e.g. the 2FA code for a specific platform or account. Each resource has its own access settings. |
| Policy | The access rules for a resource. Can be set to instant access (no approval needed) or require approval from one or more designated approvers. |
| Group | A collection of users that can be assigned access to one or more resources. Makes it easier to manage access at scale. |
| Approver | A user(s) designated to approve or deny access requests under a policy-gated resource. |
Who Does What?
| Account Admin | User |
|---|---|
|
|
How Access Works:
Each resource has one of two access modes:
Instant access
-
Any user assigned to the resource sees the live TOTP code immediately in the mobile app, no approval needed.
Policy-gated access
- The user submits a request, and one or more designated approvers must approve before the live code becomes visible.