AuthPoint Deployment Guide

Applies To: AuthPoint Multi-Factor Authentication, AuthPoint Total Identity Security

Some of the features described in this help topic are only available to participants in the WatchGuard Beta test community. If a feature described in this topic is not available, it is a beta-only feature.

This help topic shows you how to set up and fully deploy AuthPoint, WatchGuard's multi-factor authentication solution. Some steps in this deployment guide only apply to accounts that have an AuthPoint Total Identity Security license.

For a shorter overview of how to get started and test AuthPoint, see Quick Start — Set Up AuthPoint.

You manage AuthPoint from WatchGuard Cloud. For more information about WatchGuard Cloud, see About WatchGuard Cloud.

When you set up AuthPoint, we recommend that you first connect AuthPoint to your firewall and LDAP database. To do this, you must download and install the AuthPoint Gateway that connects them with AuthPoint, then add a RADIUS client or Firebox resourcefor your firewall and an external identity for your LDAP database.

Next, you can add SAML resources for the applications that your users connect to and create authentication policies for those resources.

Finally, when everything is set up and ready to go, sync users from your LDAP database to AuthPoint.

You have now added your resources to AuthPoint, defined authentication policies for those resources, and synced your users. Before your users can authenticate with AuthPoint, they activate a token.

A token is something that contains information used to prove identity, like a digital signature or fingerprint. Users activate or install a token on a device used for authentication (known as an authenticator). This device is then used to gain access to protected resources that require MFA. To confirm your identity when you authenticate, you must prove that you have possession of the authenticator, or token, assigned to you.

AuthPoint can use two types of tokens:

Software Tokens

A software token is a token that you activate and install with the AuthPoint app on your mobile device.

When you create a user in AuthPoint, a software token is automatically created for them. The user receives an email with instructions to download the AuthPoint mobile app and activate the token on a mobile device. For more information, see Activate a Token and Add New Software Tokens.

Hardware Tokens

A hardware token is a physical device with a built-in token. You can purchase hardware tokens from WatchGuard or a third-party vendor that sells supported hardware tokens. For more information, see Hardware Tokens.

To learn how to get started with AuthPoint as a user, see AuthPoint for End-Users. If you have an AuthPoint Total Identity Security license, users can save their login credentials in a personal password vault that is available from the AuthPoint mobile app and the AuthPoint browser extension. To learn more about how to use AuthPoint password management, see Password Management.

See Also

Quick Start — Set Up AuthPoint

About AuthPoint

About the AuthPoint Mobile App

Password Management

Configure MFA

About Authentication

User Management

AuthPoint Integration Guides