The WatchGuard Cloud Directory is an authentication domain where you can add users and groups that are hosted in WatchGuard Cloud. Services in WatchGuard Cloud, such as AuthPoint, can use the WatchGuard Cloud-hosted users and groups that you add to the WatchGuard Cloud Directory. This enables you to add shared users and groups in one place, the WatchGuard Cloud Directory, rather than to each service individually.
At this time, only AuthPoint supports users and groups from the WatchGuard Cloud Directory.
You can add, edit, and delete users and groups from the WatchGuard Cloud Directory. For detailed steps to add users and groups, go to Add Local Users to an Authentication Domain and Add Local Groups to an Authentication Domain.
When you add WatchGuard Cloud-hosted users, you choose whether the user is an MFA user or a non-MFA user.
MFA Users
MFA users are user accounts that will use AuthPoint multi-factor authentication to authenticate. This is not related to the AuthPoint Multi-Factor Authentication license type.
Non-MFA Users
Non-MFA users are AuthPoint users that will only ever authenticate with a password, such as a service account user.
Non-MFA users do not consume an AuthPoint user license and cannot authenticate to AuthPoint resources that require MFA. They can only authenticate to protected resources if the non-MFA user account has a password only authentication policy for that resource.
Users and groups that you add to the WatchGuard Cloud Directory are automatically added to AuthPoint.
After you add a user, you can edit the user account if you need to change their account type. When you change a user account from MFA to non-MFA, AuthPoint deletes the tokens and password vault (if applicable) that belong to the user. This action cannot be undone.
You must complete user management actions that are specific to a service from the management UI for that service. For example, to block a WatchGuard Cloud-hosted AuthPoint user account, you go to the Users page in the AuthPoint management UI.