Applies To: AuthPoint Multi-Factor Authentication, AuthPoint Total Identity Security
When you add a new AuthPoint MFA user, the user does not receive the email message to activate their token for MFA.
If a user does not receive the token activation email, you can manually send the token activation email to them. For detailed steps. go to Resend Activation Email. If a user does not have access to their email account, or if MFA is required for the email account, the user can activate their token from the IdP portal.
Symptoms
- New MFA users do not receive the token activation email message
Diagnostic Steps
- For the user or group sync, make sure the option to automatically create a mobile token is enabled.
- Have the user verify the token activation email message is not in their inbox, spam folder, or junk folder.
- Verify the email address for the user is correct.
Possible Causes and Solutions
| Possible Cause | Solution |
|---|---|
| The user account does not have a valid email address | If you sync external users to AuthPoint from Entra ID, Active Directory, or an LDAP database and a user does not receive the token activation email, make sure that the user has a valid email address. If the email address for a user account is not correct, the user cannot receive the email message to activate a token. |
| The option to automatically create a token for a WatchGuard Cloud Directory user was not enabled | If the WatchGuard Cloud Directory user is an MFA user and does not have the Automatically create a mobile token for this user option enabled, AuthPoint does not send the token activation email to that user. In this scenario, you can manually send the token activation email to the user. For detailed steps. go to Resend Activation Email. |
| The group sync is not configured to automatically assign tokens | If the LDAP user exists in AuthPoint and has the correct email address, make sure that the group sync is set up to automatically assign a mobile token to the synced users. If this option is not enabled in the group sync, AuthPoint does not send the token activation email to users from that group sync. In this scenario, you can manually send the token activation email to one or more users. For detailed steps. go to Resend Activation Email. |
| The email account is too new and cannot receive email messages yet |
Many cloud-hosted email services, such as Microsoft 365, and cloud-hosted anti-spam solutions, such as WatchGuard Email Protection, have a delay between when an account is created and when the account can receive email messages. Confirm how long it takes for an email account to become active with your email service provider and adjust the synchronization interval for your external identity to make sure there is enough time between synchronizations. Make sure you do not manually synchronize users immediately after you set up an external identity or a group sync. |
| The email message is blocked by your email server anti-spam filter |
Create an exemption to allow email messages from Authpoint and WatchGuard Cloud. You can get the required From addresses and IP addresses in theWatchGuard Cloud URLs and Network Access Requirements help topic. |