An authentication domain is a domain associated with one or more external authentication servers. In WatchGuard Cloud, you can add your authentication domain, and specify authentication servers, users, and groups. You can use authentication domains for user authentication to multiple cloud-managed devices.
You can use these server types for WatchGuard Cloud authentication domain servers:
- Active Directory
- RADIUS
- WatchGuard Cloud Directory
The WatchGuard Cloud Directory is an authentication domain where you add WatchGuard Cloud-hosted users and groups. Users and groups that you add to the WatchGuard Cloud Directory are automatically added to AuthPoint. For more information, go to About the WatchGuard Cloud Directory.
If you want to sync Active Directory or Entra ID (Azure Active Directory) users to AuthPoint, you add an external identity in AuthPoint. To learn more, go to Add User Accounts.
Only RADIUS servers are available for access point enterprise authentication. Active Directory does not support 802.1X, which is required for enterprise authentication. You can use Active Directory NPS (Network Policy Server) as a RADIUS server.
To manage authentication domains, in WatchGuard Cloud:
- If you are a Service Provider, select the name of the managed subscriber account.
- Select Configure > Directories and Domain Services.
The Authentication Domains page opens.
From this page, you can add and manage shared authentication domains for the selected account. For more information, see:
- Add an Authentication Domain to WatchGuard Cloud
- Add Users, Groups, and Devices to an Authentication Domain
- Add Servers to an Authentication Domain
- Change the Authentication Domain Name
After you add the authentication domain and add users and groups, you can add the domain to cloud-managed devices so they can use it for user authentication.
For information about how to configure the Firebox to use authentication domains, see Add an Authentication Domain to a Firebox.
For information about how to configure access points to use authentication domains, see Access Point Authentication Domains.