AuthPoint is WatchGuard's multi-factor authentication (MFA) service. With AuthPoint, you can require users to authenticate with the AuthPoint mobile app or a third-party hardware token when they log in to a protected resource, such as a computer, VPN, or a cloud service or application.
Because AuthPoint requires users to authenticate before they log in, data in your cloud applications and services is protected.
AuthPoint uses the latest MFA methods to protect your trusted resources from unauthorized access. You can choose different authentication methods for specific user groups and applications:
- Push Notification — When you log in, AuthPoint sends a push notification to your mobile device. You approve it to authenticate and log in, or deny it to block an access attempt that was not made by you
- QR Code — When you log in, you scan a QR code with the AuthPoint mobile app and use the verification code you receive to authenticate (AuthPoint uses secure QR codes that can only be decrypted by the AuthPoint mobile app)
- One-Time Password (OTP) — An OTP is a unique, temporary password available in the AuthPoint app that you use to authenticate
Users install the AuthPoint mobile app on their phone. Then, when they log in to any online service or VPN, they must authenticate with one of the methods described above.
Set up and manage AuthPoint from the Configure Services section of WatchGuard Cloud.
To learn how to set up multi-factor authentication with your Firebox and third-party applications and services, see AuthPoint Integration Guides.
Components of AuthPoint
AuthPoint has several components:
AuthPoint Management UI
The AuthPoint management UI in WatchGuard Cloud is where you set up and manage your users, user groups, resources, external identities, and the AuthPoint Gateway. Resources are the applications that you define for use with AuthPoint. External identities connect to user databases to get user account information and validate passwords.
AuthPoint Mobile App
The AuthPoint mobile app is required for authentication. You can view and manage your tokens, approve push notifications, get OTPs, and scan QR codes. A token is something that is used to identify you, like a digital fingerprint. It is used in addition to, or in place of, a password when you log in to a protected resource.
AuthPoint Gateway
The AuthPoint Gateway is a lightweight software application that you install on your network so that AuthPoint can communicate with your RADIUS clients and LDAP databases. The Gateway operates as a RADIUS server and is required for RADIUS authentication and for LDAP users to authenticate with SAML resources.
The installer for the AuthPoint Gateway is available on the Downloads page in the AuthPoint management UI.
Logon App
The Logon app is used to require authentication when users log on to a computer or server. This includes protection for RDP and RD Gateway. There are two parts to the Logon app: the application you install on a computer or server and the resource you configure in AuthPoint.
The Logon app is available on the Downloads page in the AuthPoint management UI.
AuthPoint ADFS Agent
With the AuthPoint ADFS agent, you can add multi-factor authentication (MFA) to ADFS for additional security. To configure MFA for ADFS, you must have the AuthPoint Gateway installed.
The installer for the ADFS agent is available on the Downloads page in the AuthPoint management UI.
AuthPoint Agent for RD Web
The AuthPoint agent for RD Web adds the protection of multi-factor authentication to RD Web Access. There are two parts to the AuthPoint agent for RD Web: the agent you install and the resource you configure in AuthPoint.
The installer for the RD Web agent is available on the Downloads page in the AuthPoint management UI.