Hardware Tokens

A hardware token is a physical device with a built-in token that your users can use for authentication. You can purchase WatchGuard hardware tokens or you can use third-party hardware tokens with AuthPoint. To do so, you must:

  1. Buy supported hardware tokens from WatchGuard or a third-party vendor.
  2. Import hardware tokens to AuthPoint.
  3. Assign hardware tokens to users.
  4. Activate hardware tokens.

Each AuthPoint user can have up to 20 software tokens and any number of hardware tokens.

Users can authenticate with hardware tokens to any application or service that supports RADIUS authentication with the PAP protocol. Hardware tokens do not support authentication with the MS-CHAPv2 protocol.

Supported Hardware Tokens

Hardware tokens must meet these requirements:

  • Response Format — Six-digit time-based OTP that includes only numbers with a 30 or 60-second time interval
  • Algorithm — OATH time-based OTP (RFC 6238)
  • Seed Delivery — OATH PSKC file (RFC 6030)

WatchGuard hardware tokens are automatically associated with your account, so you do not need a seed file. This makes the process to import tokens safer and easier.

Import Hardware Tokens to AuthPoint

You must import hardware tokens to your AuthPoint account. The import process is different for WatchGuard hardware tokens and third-party hardware tokens.

WatchGuard Hardware Tokens

To import WatchGuard hardware tokens, you provide the serial number of an individual hardware token or a box of hardware tokens. You can import a WatchGuard hardware token into multiple accounts. You might do this if you have an administrative or support user in several managed accounts.

Third-Party Hardware Tokens

To import third-party hardware tokens into AuthPoint, you must upload a seed file and provide a key. You receive the seed file and key from your hardware token vendor. The seed file must be encrypted.

  • Seed File — The seed file is a Portable Symmetric Key Container (PSKC) file that is used to import hardware token information into AuthPoint. This file contains device information for each hardware token. The accepted file types for a seed file are .XML, .PSKC, .TXT, and .VIP.
  • Key — The key is used to decrypt the seed file so AuthPoint can validate the one-time passwords (OTPs) that the hardware tokens generate. The key can be a string of characters that you type in AuthPoint or a file that you upload. The accepted file types for a key file are .TXT and .BIN.

If you are a Service Provider, make sure that you import the hardware tokens to the AuthPoint account that will use them.

Assign a Hardware Token to a User

You can assign hardware tokens to a user from the Hardware Tokens page or the Users page.

Activate a Hardware Token

After you assign a hardware token to a user, you must activate the token before it can be used for authentication. You can activate hardware tokens from the Hardware Tokens page or the Users page.

Authentication with Hardware Tokens

You can use hardware tokens to authenticate with an OTP. You authenticate with hardware tokens the same way you authenticate with the software tokens on your phone. When you access a resource that requires authentication, select the option to authenticate with OTP and type the OTP shown on your hardware token.

For more information, see About Authentication.

Filter the Hardware Tokens List

You can apply filters to the list of hardware tokens so that it is easier to see specific tokens. You might do this after you import a large number of hardware tokens if you want to see only specific tokens in the list, such as unassigned tokens or tokens that have a specific status.

To apply filters to the hardware tokens list:

  1. Click .
    The Filter Hardware Tokens window appears.

  1. Select the filters you want to apply. You can select multiple filters.

  1. Click Apply Filters.

Each filter that you apply appears at the top of the hardware tokens list. To remove a filter, click next to the filter label.

See Also

Hardware Token Import Details

About Authentication

Block a User or Token

Add New Software Tokens

Activate a Software Token