Contents

Block a User or Token

There are two ways to prevent authentication:

  • Block a User — The user cannot authenticate with any of their WatchGuard tokens on any of their mobile devices
  • Block a Token — The user cannot authenticate with that token, but can still authenticate with other active tokens

On the Users page, the User Name and Token columns show the status of the user account and that user's tokens. You can see if a user or token is active or blocked.

In the User Name column, the icon next to a user name indicates the status of that user.

  • Activated () — The user account is activated and can authenticate with any active tokens
  • Quarantined () — The LDAP synced user account cannot authenticate because the LDAP user was moved or deleted
  • Blocked () — The user cannot authenticate with any WatchGuard tokens

In the Token column, the icon next to a user's token indicates the status of that token.

  • Activated () — The token is activated and can be used for authentication
  • Blocked () — The token is blocked and the user cannot authenticate with that token (they can still authenticate with any other WatchGuard tokens they have activated)

Block a User

A blocked user cannot authenticate with any of their WatchGuard tokens on any of their mobile devices. The general use case for this action is to completely block a user account when the user has been offboarded or if they may be compromised in some way.

When you block a user account, that does not affect third-party tokens that user has imported to the AuthPoint mobile app. A blocked user can still use their third-party tokens, such as Google Authenticator, to authenticate with third-party resources.

To block a user:

  1. From the navigation menu, select Users.
  2. In the relevant user row, click and select Block User.

  1. Click Yes.
    The status icon next to the user name turns red to indicate that the user is blocked.

The user is now blocked and cannot authenticate with any of their WatchGuard tokens on any of their mobile devices.

When a user is blocked, the status icon next to their tokens is still listed as activated. The status icon for a token only changes when you block a specific token.

Activate a Blocked User

To activate a blocked user:

  1. From the navigation menu, select Users.
  2. In the relevant user row, click and select Activate User.

  1. Click Yes.
    The status icon next to the user name turns green to indicate that the user is activated.

The user is returned to the activated status and can authenticate with any of their unblocked WatchGuard tokens on any of their mobile devices.

Block or Unblock a Token

When you change the status of a token to blocked, the user cannot authenticate with that token, but can still authenticate with any other active tokens they have. The status icon next to each token in the Token column indicates whether the token is activated or blocked.

The general use case for this action is to prevent authentication from a specific mobile device that a token is activated on. For example, if a user loses their phone you could block the token that is activated on that device to prevent unauthorized access. This way, if the user has an active token on another device, they can still authenticate with that token.

In general, it is best practice to block a token first before you delete it. You can always change the status of a blocked token back to activated, but a deleted token cannot be restored. If you delete a token, you must create a new token for the user.

The steps to block a hardware token and a mobile token are the same.

To block or unblock a token:

  1. From the navigation menu, select Users.
  2. In the Token column, click the token to block or unblock.

  1. In the Token Management window, click Block Token or Activate Token. The option you see depends on the token status.

The status of the user's token is changed. If the token was activated, it becomes blocked and the user cannot authenticate with that token. If the token was blocked, it becomes activated and can be used for authentication.

User with a blocked token.

See Also

Activate a Software Token

About Authentication

Authentication Settings

Authentication Without Your Mobile Device

Add New Software Tokens

Resend Activation Email

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search