Quick Start — Set Up AuthPoint

This quick start topic reviews the general steps to configure and test multi-factor authentication (MFA) with AuthPoint. This guide introduces AuthPoint, reviews the basic components of AuthPoint, and helps you get started so you can test MFA before you fully deploy AuthPoint.

If you already understand the basic setup of AuthPoint and are ready to deploy it in your network, you may choose to start with the AuthPoint Deployment Guide.

If you have not already purchased an AuthPoint license, you can start a free AuthPoint trial in the Support Center. To start a trial, go to the Manage Products page and select WatchGuard AuthPoint. Click the Free 30 day trial link to activate your free trial. You can also contact your preferred WatchGuard Partner and have them set you up with an AuthPoint trial. For more information, see Activate an AuthPoint Trial License.

Before you begin, we recommend that you familiarize yourself with the components of AuthPoint and some of the key terms related to AuthPoint:

Connect to AuthPoint Management UI

The AuthPoint management UI is where you set up and manage your AuthPoint users, groups, and resources. You get access to the AuthPoint management UI in WatchGuard Cloud.

To connect to WatchGuard Cloud, go to cloud.watchguard.com. Once you have logged in, select Configure > AuthPoint.

Service Providers have a different view of WatchGuard Cloud. If you have a Service Provider account, you must click Pivot to Subscriber View on the dashboard to switch to your Subscriber account before you can get to the Configure Services page.

Add a Resource to Protect with MFA

To configure MFA for an application, you must add a resource for the client in AuthPoint and configure the necessary settings for MFA in your third-party application. In AuthPoint, resources represent the applications and services that your users connect to.

In our example, we add an IdP portal resource. The IdP portal shows users a list of the SAML resources available to their AuthPoint group. Because the IdP portal is an AuthPoint resource, you can use it to test MFA with no third-party configuration required.

If you want to test MFA with a specific application, see the AuthPoint Integration Guides. If you do not see an integration guide for the application you want to try with AuthPoint, see SAML Resources or RADIUS Client Resources.

To add an IdP portal resource:

  1. From the navigation menu, select Resources.
    The Resources page appears.
  2. From the Choose a Resource Type drop-down list, select Idp Portal.
  3. Click Add Resource.
  4. In the Name text box, type a descriptive name for the resource. In our example, we name this resource Self Service Portal.
  5. From the User ID drop-down list, select whether users type their email or user name to log in on the SSO (single sign-on) page.
  6. In the Account Alias text box, type a unique value that will be appended to the URL for your IdP portal. In our example, we use Washington. This means that the URL for our IdP portal is https://authpoint.watchguard.com/washington.
  7. Click Save.
    The IdP portal resource is listed on the Resources page.

Add a Group

In AuthPoint, groups are how you define which resources your users have access to. You must add at least one group before you can add or sync users.

To add a new group:

  1. From the navigation menu, select Groups.
  2. Click Add Group.
  3. On the New Group page, type a Name and Description for your group. The description is optional, but we recommend that you specify the purpose of the group. For our example, the name of this group is Group A.

    Screen shot of the New Group page.

  4. In the Access Policy section, click Add Policy.
    The Add Policy dialog box appears.
  5. From the Resource drop-down list, select the IdP portal resource you added. In our example, we select Self Service Portal.
  6. To require that users type their password before they authenticate for this resource, select the Require Password Authentication slider.
  7. For Authentication Options Allowed, select the One-Time Password, Push, and QR Code check boxes. These are the authentication methods that users can choose from when they log in to this resource. For more information about authentication methods, see About Authentication.
  8. Click Add.
    The access policy for the IdP portal is listed on the Groups page.
  9. Click Save.
    Your group is listed on the Groups page.


Add a User

Now that you have a group, you can add a user. There are two ways to add users in AuthPoint: you can sync users from an Active Directory or LDAP database, or you can add users manually.

In this quick start topic, we provide the steps to add a test user manually. It is always a good idea to start with a test user before you add or sync all of your end users.

To learn how to sync an Active Directory or LDAP user, see Sync Users from Active Directory or LDAP.

  1. Select Users.
  2. Click Add User.
  3. In the First Name and Last Name text boxes, type the name of a test user. In our example, we use Jane Smith.
  4. In the User Name text box, type a unique user name for your user.
  5. In the Email text box, type an email address for the test user. To test AuthPoint, you can use your own email address, but, if you later sync to an authentication database that you are a part of, you must remember to first delete this test user.

    This should be a valid email address that you have access to. This email address receives the email message to set your password and activate your token.

  6. From the Group drop-down list, select an AuthPoint group to add your user to. The group is what determines which resources the user has access to. In our example, we add Jane Smith to Group A, which we created in the previous section.

    Because groups specify how users authenticate, you must add each user to a group. You cannot add a user to more than one group. This prevents potential conflicts between the access policies of each group.

  7. Click Save.
    The user appears with a green icon next to their user name.

The user receives two email messages. One is used to set their AuthPoint password and the other to activate a token in the AuthPoint mobile app. To resend the Set Password or Activation email messages, see Resend Activation Email and Resend the Set Password Email to a User.

Set Password and Activate Token

When you add a user, AuthPoint sends two email messages to the user that they use to set their AuthPoint password and activate a token in the AuthPoint mobile app.

Users synced from AD or an LDAP database do not receive the Set Password email. They use the password defined for their user account as their AuthPoint password.

Open the Set Password email sent to the test account and click the link in the email to set your password. When prompted, type your password, then click Save.

Now your AuthPoint password is set. You use this password when you authenticate to log in to protected services and applications.

Next you must activate your token. A token is something that is used to identify you and associate you with a device, like a digital signature or fingerprint. It is used in addition to, or in place of, a password when you log in to a protected resource. You activate a token on a device that is used for authentication, such as a mobile phone. This device is then used to gain access to protected resources that require multi-factor authentication.

Open the Activation email and click the link in the email. This takes you to the Welcome to AuthPoint web page. If you have not done so, download and install the AuthPoint mobile app on your phone.

  • If you opened the web page on your phone, tap the Activate button. This opens the AuthPoint app and activates your token.
  • If you opened the web page on your computer, open the AuthPoint app on your phone and tap Activate in the app, then point the camera on your phone at the QR code on your computer screen.

When a user has successfully activated a token, you can see the token on the Users page.

Try MFA

At this point, you have configured MFA for one or more of your resources. Now we can test that MFA works.

If you have configured a SAML resource, to test MFA:

  1. In a web browser, navigate to the login URL for your IdP portal. This URL should be https://authpoint.watchguard.com/<your account alias>. In our example, we navigate to https://authpoint.watchguard.com/washington.
    The AuthPoint single sign-on page appears.

    To find this URL, go to the Resources page and click the Name of your IdP portal resource.

  2. Type your email address or AuthPoint user name. Click Next.
  3. In the Password text box, type your AuthPoint password. You must do this before you can select an authentication method. This is because we selected the Require Password Authentication slider when we configured the access policy for this resource.
  4. Click Send Push to test Push authentication.
  5. Approve the authentication request that is sent to your mobile device.
    You are logged in to the IdP portal.

When you log in to the IdP portal, you see a blank page with no applications listed. This is because you have not configured any SAML resources. After you add SAML resources, the IdP portal shows a list of all the SAML resources available to your AuthPoint group.

See Also

AuthPoint Integration Guides

AuthPoint Deployment Guide

About Authentication

About Resources

Add an IdP Portal Resource

Set Up the Logon App

About the AuthPoint Mobile App
