Google Cloud Identity is a unified identity, access, app, and endpoint management (IAM/EMM) platform that gives users access to apps with single sign-on, provides multi-factor authentication to protect users and company data, and enforces policies for personal and corporate devices and endpoints.
N/A
WatchGuard AuthPoint
Score 9.0 out of 10
N/A
AuthPoint Total Identity Security provides businesses with a solution to protect user accounts and credentials. With
multi-factor authentication and dark web credential
monitoring, AuthPoint mitigates the risks associated with workforce credential
attacks. AuthPoint adds an extra layer of security by monitoring for
potential credential exposure in the dark web for both personal and corporate
accounts.
For example, if the system you are building is a general application service that does not primarily focus on ID management, it would be wise to use a service like Google's rather than developing your own IDaaS. While there may be cases where an IDaaS other than Google's is acceptable, Google is likely one of the best solutions when considering user recognition and ease of use. On the other hand, Gmail addresses are commonly used for other purposes, and users may not pay much attention to password management, so you should avoid using them for systems that require security. To strengthen security, you should consider making multi-factor authentication mandatory, etc.
We use multiple authenticators at my company. We use WatchGuard AuthPoint just for our VPN for security purposes. The app works very well and over the past year we've only had a handful of issues with the authentication service, and these were resolved relatively quickly. We do have to remind people to enable push notifications from the app, or have the app open when they need to use it to authenticate, otherwise they won't get the push to approve. The biggest issue I've found is that people will forget to do this and then say that the VPN isn't working - the VPN is working, it's just that they didn't get/approve the push from AuthPoint in time.
Works well with the free Authpoint client and the OpenVPN clinet.
Token management is simple and hosted completely in the cloud to reduce overall complexity
Setup was simple and and staighforward
Suppports several authentication methods we have used both RADIUS and SAML effectively, but ADFS, IDP, RDWeb, and RESTful API, and other custom apps are supported.
Geofencing for RDP has been very useful as it is independant of our firewall geofencing. This is quite useful for organizations like us who do not Geofence at at the firewall level so as to provide global access to resources on the DMZ.
This time, I investigated it in advance, and it worked as expected, so I don't have any specific ideas for improvement.
Additionally, if we were using another IDAAS, it would have been beneficial to have knowledge on how to integrate it with Google tools, along with some relevant case studies.
Email support is SLOW unless I want to allow a stranger to access my production firewall. That is never allowed here, so our hands are tied in terms of being able to get support in less than 48 hours.
Again, support takes far too long because you refuse to employ any staff that works in US time zones during normal business hours.
There has to be another option besides: 1) you take full control of my systems or 2) I wait on SLOW email support that isn't that great.
Today to ensure our ISO 27001 certification it is important that we maintain this solution. Today it is part of the way any employee within the organization works, we no longer have any other way of working and it is the simplest way to ensure that access to the workstation is done with MFA.
I chose Google because I thought it would be the best fit, but I didn't fully consider other cloud platforms (Azure, AWS, etc.), so I rated it 8. We assume that current Japanese users are familiar with Google, because we feel that there are far more people with Google email addresses than those with IDs on other cloud services.
After initial setup, it practically runs itself. Onboarding new users is fast and easy as it should be. The AuthPoint mobile app is small and simple to use. The only reason I do not give it a 10 is that I frequently get complaints from end users that the AuthPoint app is "constantly downloading". In fact, it's not downloading anything and that what the users are seeing in the app is a timer for the 6-digit code that changes every minute.
WatchGuard support is always quick and reliable. They have urgency levels that you are able to select when creating your support ticket, and they respond in accordance to the severity that you have set. I have never had an issue with getting someone on the phone in the same business day, even for very low priority issues.
It was an Onsite demo at the ditributor with the benefits of Watchguard Authpoint. Was very nice to see the abilities of the product. This Demo was a few years back, since then Authpoint changed allot. It is very nice for partners that you can get this demo without any aditional cost.
We use the online training for all our employees. There are both sales and technical trainings available and there even is a technical certification. You can use this for the Watchguard Partner Program which can give you aditional benefits. Every now and then you have a webinar that discusses multiple Watchguard products.
the first time it takes more effort. It is helpful to already understand how each authentication type works. Then it's much easier to understand the MFA solution that you implement. It is useful to check the release notes from time to time and update the key parts of the Watchguard Authpoint. Authpoint Gateway, Logon App, RDWeb... Also, it's useful to set up notifications when something goes wrong or sometimes check the statistics of how many requests are being approved/denied, etc.
We adopted Google Cloud Identity as an additional feature because it allowed us to integrate with it using multi-factor authentication. The IBM Cloud platform remains valid, and we have no plans to discontinue its use for identity management. From the user's perspective, we simply added more authentication options. This also ensures we are prepared for future use when multi-factor authentication becomes available for user apps on the IBM Cloud.
I would slot Authpoint (as a product) as better than ESET but not Duo. ESET has the same limitations as Watchguard in the OTP support. It also is an on-prem installed console rather than a cloud, which increases cost and maintenance requirements. The duo now supports standard OTP for admin accounts, so it can be managed by a team. Duo support however leaves a lot to be desired and gives Watchguard the edge
From a business perspective, there were two steps.
First, we switched from our in-house ID management system to a cloud service. This allowed us to focus our development resources on application development.
At the same time, we were able to localize the handling of personal information, which resulted in increased efficiency in management aspects, including handling external inquiries, and in the development of encryption.
The second step was adding Google Cloud Identity as an option.
This allows more users to easily use our services. It can be said that this has improved user convenience.
I expect Google to accommodate future changes in authentication requirements, such as biometric authentication.
We currently have 300 users on Authpoint, and most of them use insecure passwords. Authpoint gives us peace of mind that we don't have to police individual employee passwords.
In line with the comment above, with so many people in our organization using insecure passwords, I'm sure that Authpoint has already saved us from many potential security breaches.
Security breaches can cost a lot of money. Preventing them saves the company money and helps to achieve our bottom line.
