AuthPoint User Inheritance for Delegated Accounts and RADIUS Enhancements

User Inheritance for Delegated Accounts

User Inheritance lets a Service Provider reuse one AuthPoint user across the accounts it manages, so a technician can authenticate to protected resources in those accounts without a separate licensed identity in each one. This already worked for child accounts. It now extends to delegated accounts, the accounts a customer owns and has delegated to a partner to manage.

Because a delegated account belongs to the customer, the customer stays in control. The Service Provider makes a user available to one or more delegated accounts. An operator on the customer account approves the request and assigns the groups and access policy the inherited user operates under. Once approved, the user authenticates to that account's AuthPoint-protected resources under the assigned policy.

A few things worth knowing:

• The inherited user consumes no AuthPoint user license in the customer account. The identity is licensed once, on the Service Provider account, regardless of how many accounts inherit it.
• No additional token is required. The inherited user authenticates with their existing token.
• Either side can end the inheritance at any time. If the customer revokes the delegation, the inherited user is removed automatically, with no orphaned access left behind.
• User and token management stay centralized on the Service Provider account.
• Service Providers manage delegated accounts within their own cloud region, so inheritance to delegated accounts is same-region.

RADIUS Authentication Reliability Enhancements

AuthPoint now runs RADIUS authentication, used for VPN and network access, across multiple AWS regions. If the region serving authentication becomes unavailable, the service can be recovered in another region instead of staying down until the original region is restored. This matters for partners supporting clients where network access cannot stay offline. This release also includes enhancements to prevent impacts caused by DDoS attacks, further strengthening the reliability of the authentication service. To take full advantage of these improvements make sure you are running the latest version of the AuthPoint Gateway.

Have Questions?

Refer to the AuthPoint release notes and the User Inheritance for Service Providers or User Inheritance for Managed Accounts pages on the AuthPoint Help Center for more information. For questions, contact your WatchGuard Account Manager or use standard support channels.