WatchGuard AuthPoint - The potential is there, however so is the need for further improvements
Updated March 07, 2024
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with WatchGuard AuthPoint
WatchGuard AuthPoint is being used in all our company departments, for the authentication of all our users when they connect to our network remotely via SSL VPN. We also use Authpoint for the user authentication on our NextCloud installation. We intend to use it in the future for granting access to specific applications via the WatchGuard Access Portal on our Fireboxes.
Pros
- Only one device allowed to have each token.
- Online token requirement for push notifications adds extra security.
- Very fast authentication.
Cons
- Firebox-DB users can't use AuthPoint as a second form of authentication, e.g., authenticate Firebox-DB users with their local password and then use AuthPoint push notification.
- AuthPoint authentication responses are not bound to a specific authentication request. The correlation between the authentication response and the authentication request is purely time based. Any authentication response for a specific user that is received in a specific time frame since the request was made is accepted as a valid response, even if it belongs to another authentication attempt!!! This does leave room for error and exploits.
- There are no AuthPoint password complexity policies that can be enforced on the AuthPoint users.
- There is no setting for each company to enforce a password reset of all company AuthPoint users every xx days.
- There is really no value that one can put on security!
- Just think of what would happen if there was a breach into the company network...
- There is no "too much" when security is concerned!
- The peace of mind Authpoint has given us is of great value to us!
We can NOT detect password reuse, so we can't enforce any policies to avoid it. Authpoint does add an extra security layer, thus it is reducing the impact of a possible credentials leak.
TCO
8
WatchGuard AuthPoint Total Identity Security (TIS) offers a corporate password manager. We used to have a similar solution from another provider, but having one single product instead of two does make your life easier! At this time we do not have a need to use the dark web monitoring capabilities, but we expect this to be needed more as time goes by and the dark web threats get bigger and bigger!
The main reason why we selected WatchGuard AuthPoint is first of all the obvious one. We also have Firebox firewalls from WatchGuard. Aside from that, they have very competitive pricing compared to the other available alternatives. Also, they offer the online push notification that is way more secure than all those offline tokens.
Things did not use to be that simple at all when we first used WatchGuard AuthPoint with our SSL VPN connections on the WatchGuard Fireboxes. One would have to set up a RADIUS server on a domain controller and pass all the connection traffic between the Firebox and AuthPoint through an Authentication Gateway on a DC, and then set up at least one more Authentication Gateway to ensure high availability. However, since version 12.7 of Fireware this is no longer needed. That was a much expected change that did really make things a lot simpler and did make us very happy!
Most users did like the extra security the mobile token offered, as they are aware of the fact that similar solutions were used by all external partner employees that have visited us. So most of our users recognize that this is a standard way of authentication these days. There were of course a few users that complained about the extra steps needed, but this is really to be expected on any such change. Overall we would consider the reception by our users to be more than positive.
We have not used the Access Portal yet, but plan to do so in the future. So we have no experiences about it so far, but we expect this to be as smooth as the migration to the SSL VPN authentication via WatchGuard AuthPoint and the NextCloud authentication. However, the aim here is to make access more secure. We do not expect any reduction in the number of involved passwords...
Do you think WatchGuard AuthPoint delivers good value for the price?
Yes
Are you happy with WatchGuard AuthPoint's feature set?
Yes
Did WatchGuard AuthPoint live up to sales and marketing promises?
Yes
Did implementation of WatchGuard AuthPoint go as expected?
Yes
Would you buy WatchGuard AuthPoint again?
Yes
Using WatchGuard AuthPoint
51 - Our Authpoint users come from all departments that have users that can work remotely, thus the users that have laptops.
1 - Support for Authpoint is rarely needed, but when it is we have 1 person that can provide it.
- Remote Connections via SSL-VPN
- Connections to our NextCloud installation
- Connections to our internal network via Wi-Fi
- Connection to our internal network via Wi-Fi
- Windows Login via Authpoint
Evaluating WatchGuard AuthPoint and Competitors
- Integration with Other Systems
- Ease of Use
Well, as we are using WatchGuard firewalls, it was an obvious choice to use Authpoint, as it would assure maximum compatibility for the authentication of our SSL VPN users.
Would only change Authpoint if we ever decided to use firewalls from another company... As long as we have our Fireboxes, Authpoint is the only way to go!
WatchGuard AuthPoint Implementation
- Implemented in-house
Change management was minimal - The adoption of Authpoint was very smooth. All our users did like it and we have not had any complaints about it!
- At the beginning, when we first deployed Authpoint, the use of an internal RADIUS server was necessary. This gave us a hard time at the initial deployment. This is no longer needed now, so things are much simpler now!
WatchGuard AuthPoint Training
- No Training
Now that no RADIUS server is needed for SSL VPN user authentication, if one follows the provided guide, it is easy to make the implementation. No extra training would be needed!
Configuring WatchGuard AuthPoint
Don't be afraid of the process. Just start following the guide and everything will fall in place!
No - there is no facility to customize the interface
No - the product does not support adding custom code
We just added the company logo to our Authpoint tokens, to be able to easily differentiate them from the other tokens we store on Authpoint mobile.
WatchGuard AuthPoint Support
Pros | Cons |
---|---|
Quick Resolution; Good followup; Knowledgeable team; Problems get solved; Kept well informed; No escalation required; Immediate help available; Support understands my problem; Support cares about my success; Quick Initial Response | None |
We have no premium support for Authpoint, as this service is as stable as it can be! However, we have Gold support (Total Security) for our pair of Fireboxes...
Yes - Yes, the reported bug was resolved a couple of months later.
When we last renewed our Authpoint licenses, we had 2 activation codes, an older one and a newer one. We wanted to keep the license count of the newer license and add the older license key to extend the duration of the licenses. Also, the older license count was higher than the license count of the newer activation key. So we let the older license expire to be able to reduce the license count and then we entered the 2 activation keys. It turns out that we had entered them in the wrong order and the result was that we activated the user count of the wrong activation key (much fewer users than we need) and this got a huge duration period! Support resolved this immediately, reset the activations we had made and gave us instructions on how to properly install the license keys!
Using WatchGuard AuthPoint
Pros | Cons |
---|---|
Like to use; Relatively simple; Easy to use; Technical support not required; Well integrated; Consistent; Quick to learn; Convenient; Feel confident using; Familiar | None |
- SSL VPN Authentication via Authpoint is very easy and fast as well
- NextCloud Authentication is as easy as it gets if you need MFA!
- It is not possible at all to set a policy to force the users to reset their Authpoint password every xx days.
- It is not possible at all to set a policy to enforce the complexity level of Authpoint passwords.
Yes - Authpoint mobile is great and very easy to use. It also allows adding tokens from other services, which has allowed us to use it as a universal token storage for all the tokens our users have, even the 365 tokens!
WatchGuard AuthPoint Reliability
Integrating WatchGuard AuthPoint
- NextCloud
We followed the provided guide for the NextCloud / Authpoint integration and all worked just fine!
- Windows Login
Not sure yet, but we are thinking about using Authpoint for Windows Login as well, at least for our laptops.
- Single Signon
Would like to use Authpoint for 365 as well, but from what we have read in the guide it seems too complex, so this has made us put off our initial thoughts about 365 integrations.
Relationship with WatchGuard Technologies
We made no negotiations with the vendor. They were offering the best price in the market, so there was no margin to negotiate about.
Make a good market search before choosing your vendor. There are vendors that are much cheaper than the average and others that have way too high prices...
Upgrading WatchGuard AuthPoint
Yes - Yes, upgrade was without any issues!
- Just made the upgrade, did not check the version history to see the changes.
- Really looking forward to an option to force users to change their Authpoint password every xx days
- Also would like an option to enforce the password complexity level