Add AuthPoint Groups
Applies To: AuthPoint Multi-Factor Authentication, AuthPoint Total Identity Security
In AuthPoint, groups are how you define which resources your users have access to and which Corporate Credentials are shared with them. You add users to groups in AuthPoint, then you add the groups to the authentication policies that specify which resources users can authenticate to.
You must add at least one group before you can add authentication policies or add users to AuthPoint.
There are two ways to add AuthPoint groups:
- Add WatchGuard Cloud-hosted groups to the WatchGuard Cloud Directory
- Sync groups from an external user database
Add WatchGuard Cloud-Hosted AuthPoint Groups
You create WatchGuard Cloud-hosted users and groups from the WatchGuard Cloud Directory in WatchGuard Cloud Directories and Domain Services. Directories and Domain Services is where you add shared authentication domains for WatchGuard Cloud devices and services, such as AuthPoint.
Groups that you add to the WatchGuard Cloud Directory are automatically added to AuthPoint as well. To learn how to add WatchGuard Cloud-hosted AuthPoint groups, go to Add Local Groups to an Authentication Domain.
Sync Groups from an External User Database
To sync external groups from Active Directory or Azure Active Directory, you must add an external identity in the AuthPoint management UI and configure a group sync with the Create new synchronized groups option enabled. When AuthPoint then syncs with your external identity, the sync creates new groups in AuthPoint based on the Active Directory or Azure Active Directory groups that you sync users from. External users sync to the new groups based on group membership in Azure Active Directory, in addition to the AuthPoint group specified in the group sync.
If you change the name of a synced group in Active Directory or Azure Active Directory, the synced group in AuthPoint will automatically update to match. You cannot edit the synced groups in AuthPoint.
If you delete a group in Active Directory or Azure Active Directory, or if you delete the group sync, the synced group is not deleted in AuthPoint. You must manually delete the synced group in AuthPoint.
The option to create new synchronized groups in AuthPoint does not include Active Directory and Azure Active Directory groups that are not specified in the group sync. If a synced user is a member of an Active Directory or Azure Active Directory group that is not specified in the group sync, that external group will not be created in AuthPoint.
To learn how to create an external identity and configure a group sync, go to Sync Users from Active Directory or LDAP and Sync Users from Azure Active Directory.
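The sync rules above leave two things for an administrator to check by hand: synced groups that stay in AuthPoint after their source group or group sync is deleted, and directory memberships that never become AuthPoint groups. The following added example (not WatchGuard code) audits both over constructed sample data; the `Group` record layout, the `audit` function, and the assumption that a synced group is tracked by a directory object ID that survives renames are hypothetical, not an AuthPoint API or export format.

```python
"""Audit AuthPoint synced groups against the directory (added example).

All inputs are constructed samples. The (ext_id, name) record layout is an
assumption for illustration, not an AuthPoint export format or API.
"""
from typing import NamedTuple

class Group(NamedTuple):
    ext_id: str  # directory object ID; assumed to survive renames
    name: str

def audit(directory, sync_scope, authpoint_synced, user_memberships):
    """Return (stale, renamed, not_created).

    directory        -- groups that currently exist in AD / Azure AD
    sync_scope       -- ext_ids specified in a group sync that still exists
    authpoint_synced -- synced groups currently present in AuthPoint
    user_memberships -- {user: set of ext_ids} for synced users
    """
    dir_by_id = {g.ext_id: g for g in directory}
    stale, renamed = [], []
    for g in authpoint_synced:
        if g.ext_id not in dir_by_id:
            # Deleting the source group does not delete the synced group.
            stale.append((g.name, "source group deleted in directory"))
        elif g.ext_id not in sync_scope:
            # Deleting the group sync does not delete the synced group either.
            stale.append((g.name, "no longer covered by a group sync"))
        elif dir_by_id[g.ext_id].name != g.name:
            # Renames propagate on sync; no manual action is needed.
            renamed.append((g.name, dir_by_id[g.ext_id].name))
    not_created = {}
    for user, ids in user_memberships.items():
        # Groups not specified in the group sync are never created in AuthPoint.
        names = sorted(dir_by_id[i].name for i in ids
                       if i in dir_by_id and i not in sync_scope)
        if names:
            not_created[user] = names
    return stale, renamed, not_created

# Constructed sample data
DIRECTORY = [Group("g-1", "VPN Users"), Group("g-2", "Finance Team"),
             Group("g-4", "Contractors"), Group("g-6", "HR")]
SYNC_SCOPE = {"g-1", "g-2"}
AUTHPOINT_SYNCED = [Group("g-1", "VPN Users"), Group("g-2", "Finance"),
                    Group("g-3", "Legacy Admins"), Group("g-4", "Contractors")]
MEMBERSHIPS = {"alice": {"g-1", "g-6"}, "bob": {"g-2"}}

if __name__ == "__main__":
    print(audit(DIRECTORY, SYNC_SCOPE, AUTHPOINT_SYNCED, MEMBERSHIPS))
```

Groups reported as stale are the ones to delete manually in AuthPoint, after checking whether any authentication policy still references them.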