AuthPoint Release Notes

New Features

AuthPoint as an external MFA provider for Entra (Beta)

AuthPoint now supports Microsoft 365 with Entra ID users. With this beta feature, you can use AuthPoint multi-factor authentication for Microsoft 365 with user accounts that exist only in Entra ID (accounts that are not synced with a local Active Directory server). Previously, AuthPoint could not support this use case.

To join the beta and get started, visit our beta management site.

Enhancements

• The AuthPoint mobile app for iOS has been updated to version 2.3.0.
  • Resolved an issue that sometimes caused a "User is not authorized" error message when you responded to a push notification. [AAAS-25780]
  • Resolved an issue the returned you to the token page when you try to unlock a token with the PUK code. [AAAS-25710]
  • Custom branding now correctly applies to mobile tokens. [AAAS-25589]
  • Resolved an issue that caused User Verification responses to time out and not register for operators in the AuthPoint management UI. [AAAS-25146]
  • Resolved an issue that sometimes caused an error when you checked for pending push notifications. [AAAS-25142]
  • Resolved an issue that prompted users to connect to the Internet before they could log in to their password vault, even when the device had an active Internet connection. [AAAS-25122]
  • When you open the QR code reader and grant permission for the AuthPoint mobile app to use your camera, the QR code reader now opens the camera. [AAAS-25094]
  • AuthPoint now generates only 1 audit log for each push authentication. [AAAS-24972]
  • Resolved an issue that sometimes caused an "Authentication error" error message when you responded to a push notification. [AAAS-24900]
  • Resolved an issue that caused the AuthPoint mobile app to crash. [AAAS-23965]
  • When you deny a push notification, you are now correctly shown the option to disable push notifications. [AAAS-23955]
  • Resolved an issue that caused the AuthPoint mobile app to crash when you open it. [AAAS-23939]
  • When you provision a new password vault for a user, when the user opens the password vault in the mobile app, AuthPoint now correctly prompts them to set a new vault password if they have not already done so. [AAAS-23888]
  • When you provision a new password vault for a user, the process no longer causes issues with the vault in the AuthPoint mobile app. The user can now successfully log in to and use the new password vault. [AAAS-23675, AAAS-23654]
  • When you provision a new password vault for a user, the AuthPoint mobile app now correctly deletes the passwords in the affected password vault. [AAAS-23653, AAAS-23581]
  • The back button in the mobile password manager now works correctly on iOS 18. [AAAS-23290]
  • The AuthPoint mobile app now enforces jailbreak protection and does not run on mobile devices that have been jailbroken. This fix addresses an exploit that could enable you to bypass the jailbreak detection. [AAAS-13192]
  • Minor bug fixes and improvements. [AAAS-23873, AAAS-23872, AAAS-23871, AAAS-23870, AAAS-22124, AAAS-22759]
• The AuthPoint mobile app for Android has been updated to version 2.4.0.
  • Resolved an issue that sometimes caused an "Authentication error" error message when you responded to a push notification. [AAAS-24952, AAAS-25541, AAAS-25611]
  • Resolved an issue that caused the OTP for protected tokens to be briefly visible when you leave the AuthPoint mobile app open in the background and then switch back to it. [AAAS-25591]
  • You can now successfully respond to User Verification push notifications from the notification bar. [AAAS-25583]
  • When you unlock a PIN protected token, the window now correctly shows the Forgot Your PIN option. [AAAS-25567]
  • Resolved an issue that sometimes caused an error when you checked for pending push notifications. [AAAS-25540]
  • Custom branding now correctly applies to mobile tokens. [AAAS-24740]
  • When you enter 3 incorrect PINs to unlock a token, the AuthPoint mobile app now correctly shows the cooldown timer and the option to unlock your tokens with a PUK code. [AAAS-24318]
  • Minor bug fixes and improvements. [AAAS-24472, AAAS-25571, AAAS-25570]
• Minor bug fixes and improvements. [AAAS-23249]

New Features

• The AuthPoint Gateway has been updated to version 7.4.1.
  • Fixed CVE-2025-22228. [AAAS-26082]
  • Minor bug fixes and improvements.

New Features

• The AuthPoint Gateway has been updated to version 7.4.0.
  • The AuthPoint Gateway now supports the Message-Authenticator attribute in requests and responses. This attribute protects from exploits such as Blast-RADIUS (CVE-2024-3596). To require the Message-Authenticator attribute with a Firebox, the Firebox must run Fireware v12.11.1 or higher. [AAAS-23583, AAAS-24541]
  • You can now successfully install the AuthPoint Gateway on endpoints that have WatchGuard EPDR installed. [AAAS-24891]
  • The AuthPoint Gateway now has a mechanism to block authentication requests from unknown users. [AAAS-24769]
• RADIUS resources now support the Message-Authenticator attribute in requests and responses. When you configure a RADIUS resource, you can choose to require the Message-Authenticator attribute. This feature requires the AuthPoint Gateway v7.4.0 or higher. [AAAS-24628]

Enhancements

• The Forgot Token process now generates the correct audit log messages. [AAAS-25852]
• The User Verification feature now generates audit log messages. [AAAS-25281]
• AuthPoint accounts with an expired license can now perform these actions: [AAAS-23862]
  • On the Resources page, the Add Resource and Certificate buttons are now enabled and visible.
  • On the Users page, you can apply advanced filters to the list of users.
  • On the Users page, you can select users in the list.
  • On the Users page, AuthPoint now shows the Delete Users dialog boxwhen you try to delete users.
  • You can navigate directly to the Add and Edit Resource pages with the URL.
  • You can navigate directly to the Resources page with the URL.
  • You can navigate directly to the Settings page with the URL.
  • You can navigate directly to the Users page with the URL.
• Minor bug fixes and improvements. [AAAS-25684]

Enhancements

• AuthPoint now correctly shows the option for new users to activate a token when they log in to IdP portal. [AAAS-25765]
• AuthPoint has changed the API that is used to verify whether a WatchGuard Cloud Directory user's password has been exposed in a known data breach. [AAAS-23484]

Enhancements

• Minor bug fixes and improvements. [AAAS-25454]

Enhancements

• Minor bug fixes and improvements. [AAAS-25471]

New Features

AuthPoint Incidents in ThreatSync (Beta)

You can now view and manage AuthPoint incidents in ThreatSync. AuthPoint sends incident data to ThreatSync in the form of Credential Access events. These Credential Access incidents are available:

• Login attempts with incorrect password
• User received too many push notifications
• Authentication denied by AuthPoint policy
• Token blocked by too many failed authentications
• User disabled push notifications
• Authentication attempt from an unknown user

Based on the type of Credential Access incident, you can use these remediation actions:

• Block user
• Block IP address
• Isolate device

To learn more or to report an issue, go to the ThreatSync Beta test community.

Enhancements

• Changes made to AuthPoint settings now generate audit logs in WatchGuard Cloud. [AAAS-24539]

Enhancements

• Resolved an issue with Windows 11 24H2 (version 10.0.26100) that caused Microsoft 365 applications such as Word, Excel, and Microsoft Teams to fail to authenticate to their Authpoint federated Microsoft 365 domain. AuthPoint MFA now works with Microsoft 365 applications on this version of Windows. [AAAS-23584]
• Standardized AuthPoint UI messages. [AAAS-17565]

Enhancements

• Minor bug fixes and improvements. [AAAS-23574, AAAS-24348]

Enhancements

• The AuthPoint mobile app for Android has been updated to version 2.3.0. This update include minor bug fixes and improvements. With this update, the AuthPoint mobile app can no longer be used on emulators.
• Accounts with an AuthPoint Multi-Factor Authentication license no longer see the user management options to delete a password vault and reprovision a password vault. [AAAS-24034]

Enhancements

• Updated success and error messages. [AAAS-18068]

Enhancements

• The minimum synchronization interval for AuthPoint external identities is now one hour. This change removes the previous 15 minute and 30 minute synchronization interval options. The synchronization interval determines how often AuthPoint syncs users and groups from your LDAP or Entra ID database. Existing external identities that have the synchronization interval set to 15 minutes or 30 minutes will be automatically updated to sync every one hour. [AAAS-22836, AAAS-23007, AAAS-23008]
• Resolved an issue where multiple clicks on the options to resend the activation email and resend the set password email would trigger the action once for each click. These actions now only trigger once. [AAAS-21715]
• As a Service Provider, when you change accounts from the Users page in the AuthPoint management UI, the list of users now updates to display users from the selected account. [AAAS-23014]
• When you send a user inheritance request, the list of accounts now displays accounts in alphabetical order. [AAAS-23305]
• Minor bug fixes and improvements. [AAAS-20138]

New Features

AuthPoint Logon App (Agent for macOS) v2.0

The AuthPoint agent for macOS v2.0 is now publicly available. The new agent for macOS has been redesigned with a new, improved look and feel. The agent also now supports fingerprint authentication (users can authenticate with fingerprint in place of a password). You can also use fingerprint authentication for privilege elevation operations. Combined with AuthPoint MFA, this makes the login process for protected machines easier and more secure.

The updated agent also includes bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements. [AAAS-23492, AAAS-23488]

New Features

AuthPoint Password Manager

AuthPoint operators can now delete and reprovision the password vault for Total Identity Security user accounts. You might do this if the user forgot their vault password and does not have their recovery key, or if the user no longer uses the AuthPoint password manager and they want to make sure their personal information is safe. Both options are available from the Users page in the AuthPoint management UI.

New Features

• When you set up the WatchGuard Cloud Directory and add non-MFA users without an AuthPoint license, you can now successfully navigate to the AuthPoint management UI and perform user management actions. [AAAS-23630]
• WatchGuard Cloud now generates an audit log when an AuthPoint user is automatically blocked. [AAAS-22340]

New Features

AuthPoint Logon App (Agent for macOS) (Beta)

The AuthPoint agent for macOS v2.0 is now available to beta test. The new agent for macOS has been redesigned with a new, improved look and feel. The updated agent also includes bug fixes and improvements.

To get started, join the WatchGuard Beta test community.

New Features

WatchGuard Cloud Directory

WatchGuard Cloud is centralizing user and group management in Directories and Domain Services (previously called Authentication Domains). As part of this change, you can now add WatchGuard Cloud-hosted users and groups to a new authentication domain called the WatchGuard Cloud Directory. Products in WatchGuard Cloud, such as AuthPoint, can use the users and groups that you add to the WatchGuard Cloud Directory.

When you add the WatchGuard Cloud Directory, your existing local AuthPoint users and groups automatically migrate to Directories and Domain Services in WatchGuard Cloud. This does not impact your AuthPoint configuration. You still view and manage the users and groups in AuthPoint.

We also added a new type of AuthPoint user account: non-MFA users. Non-MFA users are users that only authenticate with a password, such as a service account user. Non-MFA users do not consume an AuthPoint user license and cannot authenticate to resources that require MFA. They can only authenticate to protected resources if the non-MFA user account has a password only authentication policy for that resource. When you add new users to the WatchGuard Cloud Directory, you select whether to add non-MFA users or MFA users.

Enhancements

• The option to delete LDAP and Azure Active Directory groups in AuthPoint is available again. [AAAS-23020]

Enhancements

• The menu in the IdP portal now opens in the correct location on iPads. [AAAS-21723]

Enhancements

• When you delete a specific day or date from a time schedule policy object, the correct day or date is now deleted. [AAAS-22950]
• When you click on a policy number in the authentication policy list to change the policy priority, you now continue to see the policy number while you make edits. [AAAS-23013]

Enhancements

• The AuthPoint Gateway has been updated to version 7.3.0. This version includes minor bug fixes and improvements. [AAAS-22745, AAAS-22799, AAAS-2280]

Enhancements

• The AuthPoint Logon app (agent for Windows) has been updated to version 3.2.0. This version includes minor bug fixes and improvements.
  • Authentication policies with network location and geofence objects now correctly apply to remote desktop logins to computers with the Authpoint agent for Windows installed. [AAAS-22465, AAAS-22854]
  • Active Directory users can now successfully authenticate from allowed IP addresses that are set in network location policy objects. [AAAS-21548]
  • The AuthPoint agent for Windows now displays the correct error message when a user authenticates offline after the AuthPoint license for their account has expired. [AAAS-21529]
  • Minor improvements and bug fixes. [AAAS-21516]

Enhancements

• Minor bug fixes and improvements. [AAAS-22886]

Enhancements

• You can now choose how long users have to activate their tokens with the QR code or the link in the token activation email. This setting is available on the Settings page. [AAAS-21412]
• Minor bug fixes and improvements. [AAAS-20542]

Enhancements

• Minor bug fixes and improvements. [FCCM-8310, AAAS-21925]

Enhancements

• To configure a Firebox resource and use AuthPoint as an authentication server on the Firebox, your Firebox must run Fireware v12.7.2 or higher. If you have already configured a Firebox resource and your Firebox runs Fireware v12.7.1 or lower, you must upgrade to Fireware v12.7.2 or higher.
• For RADIUS client resources that have MS-CHAPv2 enabled, AuthPoint no longer supports authentication policies that require both password and OTP authentication. To configure OTP authentication for local users, your authentication policy must have only the OTP authentication option selected.

Enhancements

• Inherited users can now authenticate offline with the QR code and one-time password authentication methods. [AAAS-22234]
• When local AuthPoint users set or change their password, AuthPoint now verifies that the password has not been exposed in a data breach. Passwords that have been exposed cannot be used. [AAAS-21827]

Enhancements

• The AuthPoint Gateway has been updated to v7.2.2. This version includes minor bug fixes and improvements.

Enhancements

• The AuthPoint Password Manager browser extension for Chrome has been updated to v1.0.6. This version includes minor bug fixes and improvements.

Enhancements

• The AuthPoint Logon app (agent for macOS) has been updated to version 1.12.0. This version includes minor bug fixes and improvements.

Resolved Issues

• Resolved an issue that caused the Corporate Credentials page to not appear in the AuthPoint menu. [AAAS-21356]

Enhancements

• AuthPoint has updated the version of the Angular application framework used by the AuthPoint IdP portal. This enhances the security and performance of the IdP portal and updates the appearance of the user interface. This enhancement only applies to modern browsers such as Edge, Chrome, Safari, or Firefox, and Windows computers that run Windows 10 or higher. You can continue to use Internet Explorer or Windows 8.1 or lower with the IdP portal, but you will not have the security enhancements or the updated UI. For more information, go to this KB article. 

Resolved Issues

• Resolved an issue that caused the Corporate Credentials page to not appear in the AuthPoint menu. [AAAS-21356]

New Features

AuthPoint Logon App (Agent for Windows) v3.1.0

The AuthPoint Logon App (agent for Windows) version 3.1.0 is now publicly available. The new agent for Windows v3.1.0 now supports MFA for Windows User Account Control (UAC). When UAC is enabled on a Windows computer and a user tries to perform an action that requires administrative privileges, such as allowing an app to make changes to the device, the UAC prompt now requires the user to authenticate with MFA as well as provide their password.

The updated agent for Windows also includes minor bug fixes and improvements.

Enhancements

• The AuthPoint Password Manager browser extension for Safari has been updated to v1.0.6. This version includes minor bug bixes and improvements.

Resolved Issues

On 16 October 2023, WatchGuard announced an update to the Angular application framework used by the AuthPoint IdP portal that affected our support of Internet Explorer and Windows 8.1. Because the impact of this change on our customers was greater than expected, we decided to roll back this update and continue to support Internet Explorer and Windows 8.1.

On 15 February 2024, we reintroduced the update but made the decision to roll back the update again on 21 February 2024 because of significant customer impact. For more information, go to this KB article. 

New Features

AuthPoint Agent for RD Web v1.3.0

The AuthPoint agent for RD Web has been updated to version 1.3.0. This new version includes minor bug fixes and improvements.

Enhancements

• AuthPoint has updated the version of the Angular application framework used by the AuthPoint IdP portal. This enhances the security and performance of the IdP portal and updates the appearance of the user interface. Because of this update, AuthPoint no longer supports Internet Explorer or Windows 8.1 for the IdP portal. For more information, see this Knowledge Base article. [AAAS-20271]

Resolved Issues

• In the Configure > AuthPoint > Summary page, the Groups widget now states that the number of users shown for the largest group is licensed users only. [AAAS-21393]

Resolved Issues

• When you apply filters to the list on the Users page and refresh the page, the filters now correctly continue to work and filter the list. [AAAS-21371]
• When you apply filters to the list on the Users page and change the pagination or go to the next list page, the filters now correctly continue to work and filter the list. [AAAS-21105]

New Features

AuthPoint Logon App (Agent for Windows) (Beta)

The new agent for Windows v3.1 now supports MFA for Windows UAC (user account control). When a user tries to perform an action that requires administrative privileges, such as allowing an app to make changes to the device, the UAC prompt now requires the user to authenticate with MFA in addition to providing their password.

The updated agent for Windows also includes minor bug fixes and improvements.

To get started, join the WatchGuard Beta test community.

Enhancements

• The User field in the user verification audit logs now shows the user name instead of the user email address. [AAAS-19401]

Resolved Issues

• Resolved an issue that caused blocked LDAP and Azure Active Directory users to become active again when AuthPoint syncs with your external identity. [AAAS-21549]

Resolved Issues

• The activation of new trade-up Fireboxes no longer removes the old Firebox from WatchGuard Cloud. If you have configured your old Firebox as a Firebox resource in AuthPoint, that resource now continues to work after the trade-up device is activated so that you have time to set up and configure your new Firebox before you retire the old Firebox. [ITPRD-6219]

Resolved Issues

• Forgot Token mode is now correctly disabled when a user authenticates with MFA. [AAAS-21340]

Resolved Issues

• Azure Active Directory users that have a password that contains an umlaut (a mark used over a vowel) can now successfully authenticate to Firebox resources. [AAAS-21226]

Resolved Issues

• When you add a Multi-Factor Authentication license to an account with a Total Identity Security trial, corporate credentials no longer remain available for that account. [WCD-15929]

Resolved Issues

• For tier-1 Subscriber accounts, on the Configure AuthPoint > Summary page, the Blocked Tokens tile now correctly links to the Users page with filters applied to only show users with blocked tokens. [WCD-15805]

Resolved Issues

• When you create a new AuthPoint user, you no longer have to refresh the Users page to see the new user account. [AAAS-19941]
• For tier-1 Subscriber accounts, on the Configure AuthPoint > Summary page, the Blocked Tokens tile now correctly links to the Users page with filters applied to only show users with blocked tokens. [WCD-15805]

Resolved Issues

• On 16 October 2023, WatchGuard announced an update to the Angular application framework used by the AuthPoint IdP portal that affected our support of Internet Explorer and Windows 8.1. Because the impact of this change on our customers is greater than expected, we have decided to roll back this update and continue to support Internet Explorer and Windows 8.1 for now. We will reintroduce the update after giving our customers more time to prepare.

Resolved Issues

• When you upgrade an AuthPoint trial from Multi-Factor Authentication to Total Identity Security, you can now successfully add AuthPoint user accounts. [AAAS-20819]
• You can no longer add new AuthPoint users after your trial ends. [AAAS-20880]
• When you reduce the AuthPoint allocation for a managed account that has already had a trial to 0 users, AuthPoint trials are no longer immediately available. [AAAS-20868]
• When you deallocate an AuthPoint Multi-Factor Authentication term license from a managed Subscriber account and then enable a trial for that account, you can now successfully add users. [AAAS-20835]

Resolved Issues

• AuthPoint has updated the version of the Angular application framework used by the AuthPoint IdP portal. This update enhances the security and performance of the IdP portal. Because of this update, AuthPoint no longer supports Internet Explorer or Windows 8.1 for the IdP portal. For more information, see this Knowledge Base article.

Resolved Issues

• You can no longer save resources if a required field is empty. [AAAS-20137]

Resolved Issues

• When you go to the Import Tokens page and then change accounts in Account Manager, any error messages on the page are now cleared. [AAAS-20310]
• When you go to the Add or Edit page for a SAML resource and resize the browser window, the Remove file link next in the Certificate section now displays correctly. [AAAS-20141]

Resolved Issues

• When you log in with Forgot Token mode active, the UI no longer shows the option to enable Forgot Token mode. [AAAS-19626]
• On the Tokens page, the Activation Date column has been resized. [AAAS-19955]
• As a Service Provider, when you go to Monitor > AuthPoint for a managed Service Provider account and click View All on the Denied Push Notifications tile, you now go to the correct page and see the list of all denied push notifications from accounts under the managed Service Provider. [WCD-15368]

Enhancements

• The AuthPoint mobile app for Android has been updated to version 2.2.0.

  • When you log in to your password vault, the password manager now creates a session and remembers you for five minutes. While your session is active, you are not prompted to authenticate with your PIN or biometrics when you use the password manager. If you leave the password manager while you have an active session, the password manager does not clear form fields. [AAAS-19938]
  • The Manage Sessions feature in the AuthPoint mobile app is now called End Sessions.This update makes the mobile app UI consistent with the browser extensions. [AAAS-19368]
  • If you enter an incorrect PIN too many times, you can no longer disable PIN protection for tokens without entering the PIN. [AAAS-19614]
  • You can now successfully use the QR code scanner to activate mobile tokens on Android devices that do not have Google Play Services. [AAAS-19973]
  • The QR code scanner in the AuthPoint mobile app now works correctly for Huawei, Xiaomi, and Redmi devices. [AAAS-15146]
  • When you deny a push notification from the quick settings menu, the AuthPoint app now correctly denies the push and prompts you to disable push notifications. This resolves an issue from v2.1.0 of the AuthPoint mobile app. [AAAS-19631]
  • Resolved an issue that caused some pages and windows to extend beyond the edge of the screen when you viewed the app in landscape mode. [AAAS-19424]
  • In the Spanish language mobile app help, the logo in header now correctly links to the help home page. [AAAS-19788]
  • When you end all password vault sessions from an Android device, you are now returned to the password manager home screen. [AAAS-18776]
  • If you leave the page where you set your vault password the first time you log in to your password vault in the AuthPoint mobile, you are now correctly prompted to set your vault password when you log in to the password vault with the same user account. [AAAS-20395]
  • The password manager now shows a more specific error message when you attempt to log in to the password vault in the mobile app with a user account that has been deleted. [AAAS-19622]
  • We updated the links to the Privacy Policy and the Terms and Conditions, and moved the links from the Settings page (in the password manager) to the About page. [AAAS-19978]
  • In the prompt to also AuthPoint to show alerts when other apps are open, the OK button now says Cancel. This update makes the Android UI consistent with the iOS UI. [AAAS-19553]
  • Localized new strings and messages for the AuthPoint mobile app. [AAAS-19668, AAAS-19776]

• The AuthPoint mobile app for iOS has been updated to version 2.2.0.

  • When you log in to your password vault, the password manager now creates a session and remembers you for five minutes. While your session is active, you are not prompted to authenticate with your PIN or biometrics when you use the password manager. If you leave the password manager while you have an active session, the password manager does not clear form fields. [AAAS-19939]
  • The Manage Sessions feature in the AuthPoint mobile app is now called End Sessions.This update makes the mobile app UI consistent with the browser extensions. [AAAS-19519]
  • You can now successfully edit token names. This resolves an issue from v2.1.0 of the AuthPoint mobile app. [AAAS-19771]
  • When you deny a push notification from the quick settings menu, the AuthPoint app now correctly denies the push and prompts you to disable push notifications. This resolves an issue from v2.1.0 of the AuthPoint mobile app. [AAAS-19594]
  • When you manually set the date and time on your device and sync your token, the push notification page now displays the correct date and time. [AAAS-17726]
  • In the Spanish language mobile app help, the logo in header now correctly links to the help home page. [AAAS-19468]
  • When you log in to your password vault with a user account that has not set a vault password and you choose to log out on the Unlock Your Vault page, you are now returned to the password manager home screen. [AAAS-19392]
  • Resolved an issue that caused the token name to display in a larger font size when you open the password manager and are prompted to select a user account. [AAAS-19421]
  • The password manager now shows a more specific error message when you attempt to log in to the password vault in the mobile app with a user account that has been deleted. [AAAS-19510]
  • Updated the links to the Privacy Policy and the Terms and Conditions, and moved the links from the Settings page (in the password manager) to the About page. [AAAS-19986]
  • Localized new strings and messages for the AuthPoint mobile app. [AAAS-19668, AAAS-19776]

Resolved Issues

• When you delete a group, AuthPoint now successfully confirms the group dependencies. [AAAS-20358] [AAAS-19699]
• Added new messages for when a Subscriber deletes an inherited user account and when a Service Provider ends user inheritance. [AAAS-14892]

Enhancements

• You can now filter the Users list to show users that do not have a mobile token assigned or pending activation. [AAAS-12028]
• AuthPoint now shows an error message when you attempt to upload a seed file or key file that is not valid for third-party hardware tokens. [AAAS-19694]
• When you open the Download ADFS Config window on the Downloads page, you must select a Gateway before you can select the ADFS resource to download the configuration file for. [AAAS-19703]
• When you go to the Downloads page and then change accounts in Account Manager, the Download Config buttons now refresh and are associated with the correct account. [AAAS-19702]
• When you log in to the application portal with Forgot Token mode enabled and refresh the page, the application portal now correctly displays the protected resources that are available to you. [AAAS-19957]
• Single logout now works correctly when you log out of a protected Citrix SAML application. [AAAS-20150]

Enhancements

• Minor bug fixes and improvements.

New Features

AuthPoint Logon App (agent for Windows)

The AuthPoint Logon App (agent for Windows) version 3.0.1 is now publicly available. The new agent for Windows v3.0.1 now includes support for Windows Hello.

• Windows Hello enables users to log in with a PIN, facial recognition, or fingerprint in place of a password.
• Combined with AuthPoint MFA, this makes the login process for protected machines easier and more secure.

The updated agent also includes these bug fixes and improvements:

• The AuthPoint Logon app (agent for Windows) now supports Windows Hello. [AAAS-14140]
• When you open an RDP connection, audio on your computer is now muted correctly. [AAAS-18323]
• When you authenticate with the Logon app on a computer that runs Windows 11, the details for push notification and QR codes now correctly show the operating system as Windows 11. [AAAS-19104]
• Increased the number of authentication attempts allowed for Azure Active Directory user accounts to resolve an issue where user accounts could become prematurely locked. [AAAS-12645]
• When you open an RDP connection to a computer that runs Windows 8.1 or Windows Server 2012R2 and has the Logon app installed, the MFA page now displays immediately after you enter your password. [AAAS-17904]
• Resolved an issue that enabled Azure AD user accounts that were locked out to log on locally without MFA to computers with the Logon app v2.8.2 or lower installed. [AAAS-16626]
• Resolved an issue that caused some RDP connections to show a blank screen with no logon options when the computer became locked. [AAAS-19226]
• Resolved an issue where deactivated Active Directory users could log in to a computer with the agent for Windows installed without MFA (user name and password are still required). [AAAS-11726]

Enhancements

• In the Authentication Policies list, the labels in the Resources and Policy Objects columns are now right aligned. [AAAS-19040]
• When you configure a new external identity and clear the LDAPS check box for the first time, the Server Port now correctly changes from 636 to 389. [AAAS-20120]
• Updated the error message that appears when an operator uses the User Verification feature for a user account that has disabled push notifications. [AAAS-19210]
• All lists in the AuthPoint management UI now include a count of the total records in the pagination controls. [AAAS-18377, AAAS-18386]
• When you apply filters to the Tokens list and then change accounts in Account Manager, the Tokens page now clears all filters. [AAAS-19000]
• When you use the search field to filter the list on any AuthPoint page and then change accounts in Account Manager, the page now clears the search field. [AAAS-18660]
• When you select a column to sort the list on any AuthPoint page and then change accounts in Account Manager, the table now reverts to the default sort order. [AAAS-18999]
• When you view the second page of any list with pagination and then change accounts in Account Manager, the list now displays correctly. [AAAS-17649]
• Minor updates to the layout of the Downloads page. [AAAS-15810]
• Minor updates to the Add Authentication Policy page. [AAAS-15011]
• Minor updates to the Add Resource page. [AAAS-15014]
• Minor updates to the Add User page. [AAAS-15792]
• Minor updates to the Add Group page. [AAAS-15804]
• Minor updates to the Add External Identity page. [AAAS-15808]
• Minor updates to the Settings page. [AAAS-15811]
• Minor updates to the Add Gateway page. [AAAS-18332]
• Minor updates to the User Inheritance Requests page. [AAAS-18333]
• Minor updates to the Add Corporate Credentials page. [AAAS-18334]
• Minor updates to the Import Tokens page. [AAAS-18347]
• Minor updates to the display style for all AuthPoint lists. [AAAS-15010, AAAS- 15791, AAAS-15813, AAAS-17968, AAAS-17969, AAAS-18300, AAAS-18301, AAAS-18302, AAAS-18303, AAAS-19043]

New Features

AuthPoint Total Identity Security

AuthPoint Total Identity Security, which includes the AuthPoint Password Manager and Dark Web Monitor, is now generally available. For more information, go to the AuthPoint Help in Help Center.

Enhancements

• Users who click Forgot Token can now log in to Procore and Zimbra from the IdP portal without issues. [AAAS-19710, AAAS-19770]

Enhancements

• The Activation Activity report now shows the correct number of token activations. [AAAS-19870]
• The AuthPoint Gateway has been updated to v7.2.1. This version includes minor bug fixes and improvements. [AAAS-19660, AAAS-19712]

New Features

AuthPoint Logon App (Agent for Windows) (Beta)

The AuthPoint Logon App (agent for Windows) version 3.0 is now available to beta test. The new agent for Windows v3.0 now includes support for Windows Hello.

• Windows Hello enables users to log in with a PIN, facial recognition, or fingerprint in place of a password.
• Combined with AuthPoint MFA, this makes the login process for protected machines easier and more secure.

To get started, join the WatchGuard Beta test community.

New Features

AuthPoint Token Activation Email for New Users

When you add or sync a user account, you can now choose whether to have AuthPoint create a mobile token for the new user account and send an email to the user to activate their mobile token. AuthPoint does this by default. This gives you more control when you create new user accounts. For example, you might choose not to create a token or send the token activation email for users that use hardware tokens for authentication, or for service accounts that bypass MFA with basic authentication.

Enhancements

• Resolved an issue that kept a password manager session logged after you logged out of the IdP portal in Edge. [AAAS-17308]
• The placeholder text for the IdP portal log in text box now displays correctly in French and Spanish. [AAAS-19213]

New Features

AuthPoint Mobile App v2.1.0

When you deny an AuthPoint push notification, you can choose to disable push notifications temporarily. You might do this to protect yourself from phishing attacks when you receive many spam push notifications. Attackers send spam push notifications to get users to mistakenly approve an MFA authentication request. When you disable push notifications, you can still authenticate with one-time passwords and QR codes.

The AuthPoint mobile app v2.1.0 for Android and iOS also include bug fixes and improvements. For a complete list of changes, see the bulleted list below.

AuthPoint Total Identity Security (Beta Update)

The AuthPoint Password Manager browser extensions for Chrome, Safari, Edge, and Firefox have been updated to v1.0.5.

• The AuthPoint browser extension for Chrome no longer autofills credentials for sandboxed websites. [AAAS-19364]
• Minor updates to UI text and error messages. [AAAS-19182, AAAS-18868, AAAS-18867, AAAS-18734, AAAS-18604, AAAS-18565, AAAS-18564, AAAS-18249, AAAS-18088]
• Updated the UI so that field labels and other text is the same across all platforms for the mobile app and browser extensions. [AAAS-19099]
• The menu no longer shows the Security Report menu item twice in Chinese. [AAAS-18768]
• The Import Data and Export Data tabs now display a favicon in Firefox browsers. [AAAS-18125]
• You can now successfully copy the user name and password for vault entries in the AuthPoint browser extension for Safari. [AAAS-18083]
• The password menu now displays correctly when you open the menu for passwords at the bottom of the list. [AAAS-17713, AAAS-17661]
• Resolved an issue that occurred when an AuthPoint user account is deleted while the user is logging in to their password vault in the Chrome browser extension. [AAAS-17642]
• When you share a password, you no longer see backend user accounts. [AAAS-17699]
• Minor bug fixes and improvements. [AAAS-17721]

The AuthPoint mobile app for iOS has been updated to version 2.1.0.

• The camera now opens successfully when you activate your first token. [AAAS-19202]
• When you add, edit, or delete a password while your device does not have an Internet connection, autofill now correctly shows the updated password. [AAAS-19102]
• Updated the UI so that field labels and other text is the same across all platforms for the mobile app and browser extensions. [AAAS-19099]
• You can now successfully run the Leaked Passwords report. [AAAS-19092]
• Resolved an issue that caused an error message to appear when you made edits to a password and saved your changes. [AAAS-19089]
• Resolved an issue that prevented users from logging in to the password manager when they used autofill for a shared Corporate password. [AAAS-19088]
• You are now correctly prompted to enter your vault password when your login session is expired. [AAAS-19053]
• If you have not enabled autofill in your device settings, you are now prompted to do so when you log in to the password manager. On iOS devices, the Device Settings page now includes instructions to enable autofill in your device settings. [AAAS-19050, AAAS-17887]
• When you end all active sessions, users on iOS devices are now returned to the password manager user selection page. [AAAS-19049]
• Updated the password manager icon. [AAAS-18988, AAAS-18079]
• Resolved an issue that required users to enter their vault password again when they use the back button to leave the password manager. [AAAS-18890, AAAS-18585]
• The password manager now uses the correct language when the device system language is Chinese. [AAAS-18152]
• Resolved an issue that caused the app to not load properly when you return to the password manager in the AuthPoint app after minimizing the app or putting it in the background. [AAAS-18150]
• Updated an error message. [AAAS-18145]
• Resolved an issue where tokens with long names would hide the names of additional tokens for a user on the password manager login screen (where you select which user to log in as). [AAAS-18103]
• Updated the error message that displays when you open the password manager without an Internet connection after your PairingId has expired. [AAAS-18084]
• Resolved an issue that sometimes prevents users from opening the password manager when the device does not have an Internet connection. [AAAS-17892]
• Reduced the time it takes to open the password vault on iOS devices. [AAAS-17888]
• The AuthPoint mobile now supports landscape mode when you rotate your device. [AAAS-17822]
• Autofill now correctly shows the current passwords in your vault when you add, edit, or delete, a password. [AAAS-17678]
• Resolved an issue that caused the Settings page to display incorrectly. [AAAS-17674]
• You can now log in to the password manager on devices that run iOS15 or lower without an Internet connection. [AAAS-17532]
• The autofill UI for iOS now has a label in the search bar. [AAAS-17483]
• Autofill now shows the passwords for the user that most recently logged in to the password manager in the AuthPoint mobile app. This resolves an issue where autofill used the passwords of the first user to log in to the password manager, even if another user was currently logged in. [AAAS-17480]
• Minor bug fixes and improvements. [AAAS-19081, AAAS-19080, AAAS-18924, AAAS-18584, AAAS-17673]

The AuthPoint mobile app for Android has been updated to version 2.1.0.

• Updated the UI so that field labels and other text is the same across all platforms for the mobile app and browser extensions. [AAAS-19099]
• When you edit a shared password, the Share Password button correctly indicates how many users the password is shared with. [AAAS-18918]
• Resolved an issue that prevented users from logging in to the password manager when they used autofill for a shared Corporate password. [AAAS-18893]
• Resolved an issue that caused an error message to appear when you made edits to a password and saved your changes. [AAAS-18892]
• Resolved an issue where the back button sometimes did not register clicks. [AAAS-18785]
• You can now successfully run the Leaked Passwords report. [AAAS-18769]
• You can now successfully manually activate third-party tokens. [AAAS-18752]
• You can now successfully migrate third-party tokens on Android 12. [AAAS-18622]
• The color of the banner buttons have been updated to match the color of other buttons in the password manager. [AAAS-18279]
• Resolved an issue that sometimes prevents users from opening the password manager when the device does not have an Internet connection. [AAAS-18224]
• When you switch from autofill to the password manager in the AuthPoint mobile app, you must log in to your password vault with a PIN or biometrics. [AAAS-18218]
• The password manager now uses the correct language when the device system language is Chinese. [AAAS-18153]
• The password manager icon is now disabled if you do not have any AuthPoint tokens. [AAAS-18127]
• Updated the password manager icon. [AAAS-18078]
• If you have not enabled autofill in your device settings, you are now prompted to do so when you log in to the password manager. On iOS devices, the Device Settings page now includes instructions to enable autofill in your device settings. [AAAS-17939]
• You are no longer prompted to enter your PIN to approve a push notification for a token that has already been unlocked. [AAAS-17883]
• The app now displays the correct language for mobile devices that use Portuguese (Brazil). [AAAS-17837]
• The AuthPoint mobile now supports landscape mode when you rotate your device. [AAAS-17823]
• When you tap on a password, the default behavior is now to open the URL for that password (previously it opened the Edit Password page). You can change the default behavior in the password manager settings. [AAAS-17820]
• Autofill now displays correctly after you change the system language on your mobile device. [AAAS-17549]
• When you view the current active sessions on the Manage Sessions page, sessions for Android devices are now removed from the list when the user logs out on that device. [AAAS-17301]
• Minor bug fixes and improvements. [AAAS-19358, AAAS-18942, AAAS-18770]

Enhancements

• An audit log is now generated when a user deletes a token on their mobile device.[AAAS-19508]
• As a tier-1 Subscriber account, you now see an explanatory error message when you select the User Inheritance menu item. User inheritance is not available for tier-1 Subscriber accounts. [AAAS-19316]
• When you send a user inheritance request, the Users to Inherit field now searches the user name in addition to the first name and last name. [AAAS-14950]

Enhancements

• You can now edit the Roles for Amazon AWS SAML resources. [AAAS-19284]

Enhancements

• The AuthPoint agent for ADFS has been updated to v1.2.2. On the authentication page, the one-time password and QR code verification text boxes no longer display selection arrows. [AAAS-18680]
• • The AuthPoint Gateway has been updated to v7.2.0.
  • You can no longer install a version of the Gateway that is already installed. [AAAS-18963]
  • Resolved an issue that prevented AuthPoint from syncing users from an OpenLDAP server when you configure the Main attribute to the LDAP user in your external identity to use the same value as another attribute, such as Attribute related to the user login. [AAAS-18962]
  • If you try to install the Gateway on a server that does not have Java, the installation wizard now includes a recommendation for Amazon Corretto 15 (in addition to Corretto 8 and 11). [AAAS-19165]
  • Resolved an issue that caused the connection test for external identities to indicate a successful connection, even when the source IP address for the external identity was not correct. [AAAS-19271]
  • AuthPoint now shows an error message when you add an advanced query for an external identity that AuthPoint cannot connect to. [AAAS-19273]

Enhancements

• For Service Providers, when you choose to set a custom expiration date for an AuthPoint allocation, the default expiration date is now 1 year from the current date. [WCD-13141]

Enhancements

• AuthPoint external identities now successfully sync user accounts when the synchronization interval is configured to sync user accounts every 24 hours at 12:00 AM or 12:00 PM. This update resolves a known issue that caused AuthPoint to not recognize these times as valid. [AAAS-18674]
• When you add a redundant address for an LDAP external identity, you can now press the Enter key to submit data in the Server Address and Server Port text boxes. [AAAS-18712]
• When you create a user inheritance request, you can now press the Enter key to submit and send the request. [AAAS-18717]

Enhancements

• The AuthPoint agent for Windows has been updated to v2.8.2.514. This release resolves an issue that caused the Logon app to freeze after a push notification is sent. [AAAS-17644, AAAS-18385]
• When you import WatchGuard hardware tokens, you can now press the Enter key to submit data in the token serial number text box to search for hardware tokens. [AAAS-18711]

Enhancements

• When you log in to the AuthPoint application portal (IdP portal), the focus is now set to the search bar. [AAAS-19183]

Enhancements

• The Dates field for time schedule policy objects no longer accepts invalid characters. AuthPoint now displays an error message if you enter a character that is not valid. [AAAS-15890]

Enhancements

• When you add a secondary Gateway, you can now press the Enter key to submit data in the Name text box and create the secondary Gateway. [AAAS-18713]
• When you add or edit a SAML or Logon app resource, you can now press the Enter key to submit data entered in fields. [AAAS-18707]
• Resolved an issue that prevented the creation of secondary Gateways in some scenarios. [AAAS-19164]

New Features

AuthPoint Trial Management

AuthPoint trials are now managed in WatchGuard Cloud. From the Trials page, you can activate, extend, upgrade, and cancel AuthPoint trials for your account and accounts that you manage. This makes it easier to start and manage trials for accounts you manage.

Enhancements

• You can now successfully search and filter resources in the IdP portal with search queries that include special characters. [AAAS-18786]
• Minor bug fixes and improvements. [AAAS-18921]

Enhancements

• The AuthPoint agent for Windows (Logon app) has been updated to v2.8.0.511. This release resolves a signing issue with the previous version of the software. [AAAS-19072]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• You can now sort and filter the tiles in the AuthPoint application portal (IdP portal). This makes the portal easier to use. [AAAS-17913]
• When you add or edit an external identity, there is now an info popup next to the Synchronization Interval field. This popup informs you that for Azure AD external identities, the Synchronization Interval time is in UTC and for LDAP external identities, the Synchronization Interval time uses the time zone of the LDAP server. [AAAS-18624]
• You can no longer add Exceptions (IP masks) that end with /0 to geokinetics policy objects. [AAAS-18558]
• The Resources tile on the AuthPoint Summary page now displays correctly for new accounts and accounts that do not have any resources. [AAAS-18443]
• Minor bug fixes and improvements. [AAAS-18714]

Enhancements

• Minor bug fixes and improvements. [AAAS-18661]

New Features

AuthPoint Logon App (Agent for Windows)

The AuthPoint Logon App (agent for Windows) version 2.8 is now publicly available. We’ve redesigned the new agent for Windows to give you more control over how the agent handles logins from users that do not have an AuthPoint user account. When you configure the Logon App resource in AuthPoint, you can now choose from these options:

• Do not allow non-AuthPoint users
• Allow specific non-AuthPoint users to log in without MFA
• Allow all non-AuthPoint users to log in without MFA

Previously, you could only allow up to 50 specific non-AuthPoint users to log in to computers or servers with the agent for Windows installed.

The updated agent also includes these bug fixes:

• The agent for Windows now displays a configuration error if the configuration file is missing. [AAAS-16558, AAAS-17688]
• The agent for Windows now displays the option to automatically send push notifications on the MFA page in all supported languages. [AAAS-16627]
• The agent for Windows now correctly identifies the source IP address of incoming RDP connections when multiple users are logged into the same Windows host. [AAAS-15034, AAAS-16686]
• The agent for Windows now displays correctly on computers with 4K resolution displays. [AAAS-18027]
• The agent for Windows now limits the size of the local authentication policy cache. This improves response times and stability when the agent is installed on a terminal server. [AAAS-12197]

Enhancements

• When you add an external identity to sync users, you now select the external identity type on the Add External Identity page. This makes it easier to change your selection. [AAAS-15807]
• When you add a resource, you now select the resource type on the Add Resource page. This makes it easier to change your selection. [AAAS-15012]
• When you import hardware tokens, you now select type of hardware token on the Import Tokens page. This makes it easier to change your selection. [AAAS-15812]
• When you disable MS-CHAPv2 for RADIUS client and Firebox resources, AuthPoint now removes any data that you entered in the MS-CHAPv2 fields. [AAAS-18418]
• When you disable the option to Allow specific non-AuthPoint users for a Logon app resource, AuthPoint now removes all user names that you entered in the Add User Names text box. [AAAS-18379]
• When you add or edit a resource and then change accounts in Account Manager, the resource page now clears all fields and scrolls to the top of the page. [AAAS-17060]
• When you add or edit an external identity and then change accounts in Account Manager, the External Identity page now clears all fields and scrolls to the top of the page. [AAAS-17064]

New Features

Geokinetics Policy Objects

Geokinetics policy objects are now publicly available. With this feature, you can create policy objects that compare the user's current location and the location of their last valid authentication. AuthPoint automatically denies authentications from a location the user could not have travelled to since their previous authentication, based on the distance and time between authentications.

Enhancements

• You can now successfully change the Time Zone when you add or edit a time schedule policy object. [AAAS-18399]

New Features

AuthPoint Logon App (Agent for Windows) (Beta)

The AuthPoint Logon App (agent for Windows) version 2.8 is now available to beta test. We’ve redesigned the new agent for Windows to give you more control over how the agent handles logins from users that do not have an AuthPoint user account. When you configure the Logon App resource in AuthPoint, you can now choose from these options:

• Do not allow non-AuthPoint users
• Allow specific non-AuthPoint users to log in without MFA
• Allow all non-AuthPoint users to log in without MFA

Previously, you could only allow up to 50 specific non-AuthPoint users to log in to computers or servers with the agent for Windows installed.

To get started, join the WatchGuard Beta test community.

New Features

AuthPoint Gateway

The AuthPoint Gateway version 7.1 is now publicly available. This new version includes performance improvements and minor bug fixes.

Geokinetics Policy Objects (Beta)

AuthPoint now supports a new type of policy object: geokinetics. With this feature, you can create policy objects that compare the user's current location and the location of their last valid authentication. AuthPoint automatically denies authentications from a location the user could not have travelled to since their previous authentication, based on the distance and time between authentications.

To get started, join the WatchGuard Beta test community.

Enhancements

• Minor bug fixes and improvements. [AAAS-18375]

Enhancements

• The appearance of headings and page titles throughout the AuthPoint management UI have been updated to maintain a consistent look and feel with the rest of WatchGuard Cloud. [AAAS-18264]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• AuthPoint now shows an error message when you add a local AuthPoint user with a user name that matches an existing user name but with different capitalization, such as "testuser" and "TestUser". [AAAS-16570]
• When you configure the Logon app, you can now successfully specify user names with Japanes characters as non-AuthPoint user that can log in without MFA. [AAAS-18004]
• When you add or edit a Gateway and then change accounts in Account Manager, the Gateway page now clears all fields and scrolls to the top of the page. [AAAS-17061]
• Minor bug fixes and improvements. [AAAS-14859]

Enhancements

• The AuthPoint mobile app for iOS has been updated to version 2.0.1.
  • If you only have one token in the mobile app, you are no longer prompted to select which user to log in to the Password Manager with. [AAAS-17818]
  • If you have multiple tokens in the mobile app, the page that prompts you to select which user to log in to the Password Manager with now displays the token names associated with each email address. The order of the list now matches the order of your tokens. This makes it easier to identify your user accounts. [AAAS-17833]
  • The AuthPoint app now has a Password Manager icon at the top of the screen, so you can easily log in to your password vault. Tap this icon to open the Password Manager, or select Password Manager from the app menu. [AAAS-17816]
  • When you open the URL for a Password, the web page now opens in an external browser instead of within the mobile app. [AAAS-17819]
  • The Back button now correctly returns you to the previous page, instead of exiting the Password Manager. [AAAS-17432]
  • On the Push notification page, the token name is now properly centered on the page. [AAAS-17056]
  • Minor bug fixes and improvements. [AAAS-17627, AAAS-17710, AAAS-17731, AAAS-17926]
• The AuthPoint mobile app for Android has been updated to version 2.0.2.
  • If you only have one token in the mobile app, you are no longer prompted to select which user to log in to the Password Manager with. [AAAS-17817]
  • If you have multiple tokens in the mobile app, the page that prompts you to select which user to log in to the Password Manager with now displays the token names associated with each email address. The order of the list now matches the order of your tokens. This makes it easier to identify your user accounts. [AAAS-17834]
  • The AuthPoint app now has a Password Manager icon at the top of the screen, so you can easily log in to your password vault. Tap this icon to open the Password Manager, or select Password Manager from the app menu. [AAAS-17815]
  • When you download the recovery key PDF for your password vault, the AuthPoint mobile app now shows a success message to indicate that the file has downloaded. [AAAS-17383]

New Features

AuthPoint Total Identity Security (Beta Update)

The AuthPoint Password Manager browser extensions for Chrome, Safari, Edge, and Firefox have been updated to v1.0.3.

• On the Passwords page, when you click on a password, the default behavior is now to open the URL associated with that password in a new page. Previously, the default behavior was to edit the password. You can change the default behavior from the browser extension settings. [AAAS-17820]
• When you edit a password, the Edit Password page now loads correctly. [AAAS-17739]
• The leaked passwords report now uses Dark Web Monitor. [US-15369]
• You no longer need to uninstall and reinstall the browser extension to change the language. [AAAS-17902]

AuthPoint Gateway (Beta Update)

The AuthPoint Gateway v7.1 no longer requires outbound access for TCP port 8883. The updated Gateway agent now uses port 443 for communication with WatchGuard Cloud. Additionally, the Gateway is now successfully updated when you remove ADFS resources, RADIUS client resources, and external identities from the Gateway configuration in the AuthPoint management UI.

To test the improvements and bug fixes included with this update, download and install the updated version of the AuthPoint Gateway from the WatchGuard Beta test community.

Enhancements

• In the AuthPoint management UI, when you add or edit an external identity, resource, or corporate application, password fields are no longer autofilled by your browser. [AAAS-17956]
• Minor bug fixes and improvements.

New Features

AuthPoint Agent for RD Web

The AuthPoint agent for RD Web version 1.2.6 is now publicly available. This new version includes security improvements and minor bug fixes.

AuthPoint Agent for ADFS

The AuthPoint agent for ADFS version 1.2.1 is now publicly available. This new version includes security improvements and minor bug fixes.

Enhancements

• Information in the Add Policy Object page now clears when you select a different account in the Account Manager. [AAAS-17062]
• The IdP portal now shows the user name or email address of the authenticated user correctly at narrower browser widths. [AAAS-17456]
• Minor bug fixes and improvements. [AAAS-17679, AAAS-17680]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• When you add a local AuthPoint user and do not specify a first name, the First Name text box now shows an error message to indicate that the field is required. [AAAS-17670]

Enhancements

• In the Filter Users window, the Apply Filters button no longer overlaps with the scroll bar. [AAAS-17672]
• AuthPoint no longer accepts emojis or special characters in Start Time or End Time fields for time schedule policy objects. [AAAS-14683, AAAS-16059]
• When you choose to send a user inheritance request and refresh the page, AuthPoint no longer returns you to the User Inheritance Requests list page. [AAAS-15148]
• AuthPoint now shows only one success message and audit log message when you activate, assign, or delete a hardware token. [AAAS-15828]

New Features

AuthPoint Agent for RD Web (Beta)

The AuthPoint agent for RD Web version 1.2.6 is now available to beta test! This new version includes security improvements and minor bug fixes. To get started, join the WatchGuard Beta test community. You’ll find instructions to download and install the updated agent for RD Web.

AuthPoint Agent for ADFS (Beta)

The AuthPoint agent for ADFS version 1.2.1 is now available to beta test! This new version includes security improvements and minor bug fixes. To get started, join the WatchGuard Beta test community. You’ll find instructions to download and install the updated agent for ADFS.

Enhancements

• Minor bug fixes and improvements. [AAAS-16985, AAAS-17021]

Enhancements

• Resolved an issue that prevented AuthPoint Multi-Factor Authentication trial licenses from being converted to term licenses. [AAAS-17873]
• Minor bug fixes and improvements.

New Features

AuthPoint Gateway (Beta)

The AuthPoint Gateway version 7.1 is now available to beta test! This new version includes performance improvements and minor bug fixes. To get started, join the WatchGuard Beta test community. You’ll find instructions to download and install the updated Gateway.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements. [AAAS-17496, AAAS-17561, AAAS-15790]

Enhancements

• The mobile app for iOS has been updated to version 2.0.0.
  • The latest version of the AuthPoint mobile app requires iOS 12.0 or higher.
  • You can now use the AuthPoint mobile app to see and manage your passwords. To use password management features, your account must have an AuthPoint Total Identity Security license.
  • The AuthPoint mobile app is now available in Spanish (Spain). [AAAS-15713]
  • Minor bug fixes and improvements. [AAAS-17496, AAAS-17561, AAAS-15790]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• When you edit an authentication policy and change the capitalization of the policy name, you can now successfully save the authentication policy. [AAAS-16253]
• Minor bug fixes and improvements.

Enhancements

• The mobile app for Android has been updated to version 2.0.0.
  • The latest version of the AuthPoint mobile app requires Android 7.0 or higher.
  • You can now use the AuthPoint mobile app to see and manage your passwords. To use password management features, your account must have an AuthPoint Total Identity Security license.
  • The AuthPoint mobile app is now available in Spanish (Spain). [AAAS-15712]
  • When you edit a third-party software token and clear the User ID text box, the change is now saved successfully. [AAAS-14191]
  • When you use the mobile app to scan a QR code for offline authentication, if you receive a push request while the QR code Authentication Request page is open, the push request is no longer discarded. [AAAS-14489]
  • Token images that are set by custom branding now display correctly. [AAAS-16984]
  • Token images now display correctly on the Token Security page. [AAAS-16943]
  • Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

New Features

AuthPoint Total Identity Security

A new AuthPoint product, Total Identity Security, is now available to beta test. Total Identity Security includes all current AuthPoint features, plus these additional features:

• Dark Web Monitoring – The Dark Web Monitoring service actively monitors data breaches and notifies you if a data breach includes your email addresses or domains. This service helps to inform and protect users who might be unaware that their credentials leaked in a data breach.
• Password Management – End-users can save and manage their personal and work-related credentials in a personal password vault that is available from the AuthPoint mobile app and the AuthPoint Password Manager browser extension. With this feature, the only password users have to remember is the password to their vault.

The AuthPoint Total Identity Security beta also includes AuthPoint trial license management in WatchGuard Cloud. This makes it easier to start and manage trials for accounts you manage.

To get started, join the WatchGuard Beta test community.

Enhancements

• The token activation QR code on the SSO page is now only valid for seven days. When you resend the token activation email, a new token activation QR code is created on the SSO page. [AAAS-16966]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• When you configure a SAML resource with the Files Anywhere application type, the ClientID value is now required to save your resource. [AAAS-16137]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements. [AAAS-16863]

Enhancements

• The current versions of theAuthPoint Logon App (agent for Windows) 64-bit (v2.7.1) and the AuthPoint Gateway (v7.0.1) have been successfully tested on Windows Server 2022. Windows 2022 is now included as a supported OS in the documentation for these components. [AAAS-16698]
• When you change the application type for a SAML resource with custom attributes from Others to Adobe, you can now successfully save the resource. [AAAS-16795]
• When you change the application type for a SAML resource with a relay state from Others to Adobe, the relay state value is no longer included in the SAML assertion. [AAAS-16802]
• When you create or edit a SAML resource with the Others application type, the integration guide link now works correctly. [AAAS-16719]
• Minor bug fixes and improvements. [AAAS-14929, AAAS-15216, AAAS-15217, AAAS-16692, AAAS-16693]

New Features

SAML Resources with Custom Attributes

You can now configure custom attributes for SAML resources with the Others application type. This enables you to configure MFA for applications that expect specific key value pairs in the SAML assertion.

For SAML resources with the Others application type, you can also now specify custom images for the resource tile that appears in the IdP portal.

Enhancements

• You can now successfully enter Hiragana and Katakana characters. [AAAS-16629]

Enhancements

• Users can no longer access protected ADFS resources without MFA when they connect to the public IP address of the ADFS resource and client location data access is denied. [AAAS-16552]
• Resolved an issue that caused the authentication process for Firebox resources to fail. [AAAS-16238]
• The AuthPoint User Activity report for inactive users now correctly displays data for all LDAP users. [AAAS-16045]

Enhancements

• When you create or edit an AuthPoint user account, you can now successfully enter Japanese Hiragana and Katakana characters. [AAAS-16618]

Enhancements

• The AuthPoint agent for RD Web has been updated to version 1.2.5. The updated agent includes security improvements and requires v4.8 or higher of .NET Framework. [AAAS-15474, AAAS-16050, AAAS-16271, AAAS-16638]
• Minor bug fixes and improvements.

Enhancements

• When you view the Downloads page in a localized language, the .NET requirements for the AuthPoint agent for RD Web now displays in that language. [AAAS-16250]
• Minor bug fixes and improvements.

Enhancements

• On the Authentication Policies page, the label next to group names now displays correctly. [AAAS-16471]

Enhancements

• On the Downloads page, the .NET requirements for the AuthPoint agent for RD Web have been updated. [AAAS-15475]

Enhancements

• The logo shown in the IdP portal for the Google Workspace SAML application type has been updated. [AAAS-16049]

Enhancements

• Audit logs for user authentications now include the location that the user authenticates from. This value is the Origin Location. [AAAS-15521]
• The audit logs for geofence authentications now correctly identify and label the location data accuracy as high or low. [AAAS-15744]
• On the Downloads page, the Java requirements for the Gateway have been updated. We now list a maximum supported version for both JRE and Amazon Corretto. [AAAS-16042]
• Users with pending tokens can now successfully activate their token from the IdP portal login page. [AAAS-16038]
• When you view the AuthPoint management UI in a localized language, the Days/Dates for time schedule policy objects are now correctly localized. [AAAS-15923]
• The add and edit Firebox resource pages now link to the correct help topics. [AAAS-16013]

New Features

Geofence Policy Objects

Geofence policy objects are now publicly available. The geofence policy object enables you to specify a list of countries, and then configure authentication policies that only apply when users authenticate from those countries. You might do this if you want to enforce different MFA requirements for different locations, or if you want to block authentication from specific countries.

The AuthPoint agents for Windows (Logon app), RD Web, and ADFR have been updated to support geofence policy objects.

Enhancements

• For time schedule policy objects, you can now successfully add multiple time periods for the same day or date. [AAAS-16035]
• The MFA page now successfully loads for Outlook on computers that run Windows 8.1. [AAAS-16004]
• Minor bug fixes and improvements. [AAAS-13757, AAAS-15928]

Enhancements

• AuthPoint no longer accepts emojis in user passwords. [AAAS-15914]
• Custom branding now displays correctly when you go to the self-service portal in a Chrome browser. [AAAS-14949]
• The custom branding logo now displays correctly on the Forgot Password page. [AAAS-15123]

New Features

AuthPoint Gateway

The AuthPoint Gateway version 7.0.1 is now publicly available. This new version supports the Amazon Corretto 15 feature release (in addition to Corretto 8 and 11) and includes performance improvements and minor bug fixes. The Gateway also has a new heuristic to handle connection issues.

Enhancements

• In the Application Type drop-down list for SAML resources, Google G Suite is now Google Workspace. [AAAS-15691]

Enhancements

• On the Downloads page, Windows 11 has been added as a supported operating system for the Logon app. [AAAS-15703]

New Features

AuthPoint Integration with the Firebox

You can now configure Firebox resources in AuthPoint for cloud-managed Fireboxes.

AuthPoint Agent for macOS

Version 1.11.0 of the Logon app (agent for macOS) is now publicly available. The updated agent for macOS now supports macOS Monterey (12.x).

New Features

Geofence Policy Objects (Beta)

AuthPoint now supports a new type of policy object: geofence. The geofence policy object enables you to specify a list of countries, and then configure authentication policies that only apply when users authenticate from those countries. You might do this if you want to enforce different MFA requirements for different locations, or if you want to block authentication from specific countries.

To get started, join the WatchGuard Beta test community.

New Features

AuthPoint Gateway (Beta)

The AuthPoint Gateway version 7 is now available to beta test! This new version supports the Amazon Corretto 15 feature release (in addition to Corretto 8 and 11) and includes performance improvements and minor bug fixes. The Gateway also has a new heuristic to handle connection issues.

To get started, join the WatchGuard Beta test community. You’ll find instructions to download and install the updated Gateway.

Enhancements

• These applications have been added to the Application Type drop-down list for SAML resources.
  • OneTrust [AAAS-15464]
  • LiquidFiles [AAAS-15243]
  • Zabbix [AAAS-15092]
  • Egnyte [AAAS-13839]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

New Features

User Inheritance

The user inheritance feature is now publicly available. With the user inheritance feature, Service Providers can request that managed accounts inherit an AuthPoint user from the Service Provider's account. Inherited users are added to the managed account and can authenticate to that account's resources. This makes it easier for Service Providers to help manage their customer's accounts. You might do this if you manage AuthPoint services for a customer, or if you need access to the customer's protected resources for troubleshooting.

Enhancements

• Minor bug fixes and improvements. [AAAS-14574]

Enhancements

• The AuthPoint agent for RD Web has been updated to version 1.2.3.
  • You can now successfully authenticate to the RD Web page with Chrome v90 or higher. [AAAS-14625]
  • This version resolves an issue that caused RD Web authentication sessions to only last 2 hours. [AAAS-14242]

New Features

User Inheritance (Beta)

With the user inheritance feature, Service Providers can request that managed accounts inherit an AuthPoint user from the Service Provider's account. Inherited users are added to the managed account and can authenticate to that account's resources. This makes it easier for Service Providers to help manage their customer's accounts. You might do this if you manage AuthPoint services for a customer, or if you need access to the customer's protected resources for troubleshooting.

To get started, join the WatchGuard Beta test community.

Enhancements

• Minor bug fixes and improvements. [AAAS-11642]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• AuthPoint now sends a confirmation email to users when they activate a hardware or software token. [AAAS-14289, AAAS-14649]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements. [AAAS-14608, AAAS-14725]

New Features

Time Schedule Policy Objects

The new time schedule policy object is now publicly available. Time schedules enable you to specify the dates and times when authentication policies apply to user authentications. You might configure a time schedule policy object if you want to:

• Allow authentication only during specified times, such as work hours.
• Restrict authentication during specific times, such as non-work hours and holidays.
• Enforce different authentication requirements at different times. 
• Use a safe network location to allow users to bypass MFA when they authenticate from the office, but only during specified times, such as work hours.

Enhancements

• Minor bug fixes and improvements. [AAAS-14650]

New Features

AuthPoint Logon App (Agent for Windows)

Version 2.6 of the AuthPoint Logon app (agent for Windows) is now publicly available. The updated agent for Windows has improved how AuthPoint identifies the IP address for RD Gateway authentications that involve a network location. This version also includes several bug fixes and minor improvements.

Enhancements

• The information in the SAML response for authentication with Splunk has been updated to support users with multiple groups. [AAAS-14487]
• These applications have been added to the Application Type drop-down list for SAML resources.
  • PagerTree [AAAS-13991]
  • Awingu [AAAS-13992]
  • Moodle [AAAS-14169]
  • QualityKick [AAAS-14317]
  • 6sense [AAAS-14439]
  • Guacamole [AAAS-14513]
• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements. [AAAS-14328]

Enhancements

• The AuthPoint Gateway has been updated to version 6.1.1. This version resolves several minor bugs and known issues.

New Features

AuthPoint Logon App (Agent for Windows) (Beta)

Version 2.6 of the AuthPoint Logon app (agent for Windows) is now available to beta test. The updated agent for Windows has improved how AuthPoint identifies the IP address for RD Gateway authentications that involve a network location. This version also includes several bug fixes and minor improvements.

To get started, join the WatchGuard Beta test community.

Enhancements

• AuthPoint now displays the correct number of available licenses in your inventory when you delete a group sync and the feature to automatically remove quarantined users is enabled. [AAAS-14365]
• When a user that does not have access to the IdP portal navigates to the IdP portal login page and activates a token, the user is now taken back to the authentication page after their token is activated. [AAAS-14152]
• Minor bug fixes and improvements. [AAAS-14210]

New Features

AuthPoint Self Service Portal

The self service portal feature is now publicly available. AuthPoint users can now activate their own hardware and software tokens from the IdP portal. When new users (or existing users that have no active tokens) go to the IdP portal, AuthPoint now prompts them to activate a token. Users that already have one or more active tokens can activate additional tokens after they log in to the IdP portal.

With this feature, it is easier for AuthPoint end-users to manage and activate their own tokens. When deploying hardware tokens, AuthPoint administrators no longer need to assign and activate each hardware token themselves. Now, end-users can activate their own hardware tokens and AuthPoint automatically assigns the activated tokens to the user that activated them.

Enhancements

• Minor bug fixes and improvements.

New Features

Time Schedule Policy Objects (Beta)

AuthPoint now supports a new type of policy object: time schedules.

Time schedule policy objects enable you to specify the dates and times when authentication policies apply to user authentications. You might configure a time schedule policy object if you want to:

• Allow authentication only during specified times, such as work hours.
• Restrict authentication during specific times, such as non-work hours and holidays.
• Enforce different authentication requirements at different times. 
• Use a safe network location to allow users to bypass MFA when they authenticate from the office, but only during specified times, such as work hours.

To get started, join the WatchGuard Beta test community.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• The policy object labels in the Authentication Policies list now display correctly when you view the AuthPoint management UI in a localized language. In the Filter Policies window, policy objects now have a label next to the name of the policy object. [AAAS-14108]
• Minor bug fixes and improvements. [AAAS-13769]

Enhancements

• For Service Providers, when you switch accounts while adding a user, AuthPoint now loads the Users page for the account that you switch to. [AAAS-11985]
• AuthPoint now successfully syncs LDAP user accounts with an email address that was previously used by a separate AuthPoint user account. [AAAS-14214]

Enhancements

• AuthPoint has a new wizard that shows you how to import hardware tokens to your AuthPoint account. [AAAS-14078]
• Service Provider accounts can now successfully open and see the AuthPoint wizards. [AAAS-14156]
• Resolved issues related to syncing users and groups from an LDAP database. [AAAS-14173, AAAS-14176]
• The mobile app for Android and iOS has been updated to version 1.16.1.
  • You can now successfully respond to push notifications on a device that runs Android 11. [AAAS-13614]
  • You can now successfully copy the OTP for your tokens. [AAAS-13849]
  • Resolved an issue for iOS that caused the AuthPoint app to crash when you respond to a push notification from the lock screen. [AAAS-14163]
  • When you enable PIN protection for a token, the AuthPoint no longer enables PIN protection for your other tokens. [AAAS-14207]
  • You now see the correct error message when you perform an action that requires an Internet connection and your mobile device is not connected to the Internet. [AAAS-14115]
  • Minor bug fixes and improvements. [AAAS-13838, AAAS-13850, AAAS-13837, AAAS-13196, AAAS-1387, AAAS-13854]

New Features

AuthPoint Self Service Portal (Beta)

AuthPoint users can now activate their own hardware and software tokens from the IdP portal. When new users (or existing users that have no active tokens) go to the IdP portal, AuthPoint now prompts them to activate a token. Users that already have one or more active tokens can activate additional tokens after they log in to the IdP portal.

With this feature, it is easier for AuthPoint end-users to manage and activate their own tokens. When deploying hardware tokens, AuthPoint administrators no longer need to assign and activate each hardware token themselves. Now, end-users can activate their own hardware tokens and AuthPoint automatically assigns the activated tokens to the user that activated them.

To try this feature, join the WatchGuard Beta test community.

AuthPoint Logon App (Agent for macOS)

Version 1.10.1 of the AuthPoint Logon app (agent for macOS) is now publicly available. The updated agent for macOS now supports macOS Big Sur.

Enhancements

• Minor bug fixes and improvements. [AAAS-13425

Enhancements

• When you filter the list of users based on the user’s group, AuthPoint now correctly distinguishes between LDAP groups and local AuthPoint groups with the same name. [AAAS-13258]
• When you add roles to an AWS SAML resource, the buttons in the Add Role window now display correctly. [AAAS-13291]

Enhancements

• You cannot configure the IP address for a network location to 0.0.0.0 or 255.255.255.255. [AAAS-13357]
• You can now successfully delete a Firebox resource for a FireCluster that has been removed from WatchGuard Cloud. [AAAS-13771]
• Group syncs now correctly handle the deletion of synced external groups. When you add a group to the group sync, the Select LDAP Groups to Sync Users From list only shows external groups that exist. [AAAS-13699]
• The buttons in the Token Management window now display correctly when you view the AuthPoint managment UI in a localized language. [AAAS-12502]

Enhancements

• AuthPoint can now successfully parse SAML authentication requests from 6sense. [AAAS-13333]
• Users can now successfully authenticate to LucidChart through the IdP portal. [AAAS-13927]
• SAML resources with an authentication policy configured for all groups are now shown in the IdP portal. [AAAS-13794]
• These applications have been added to the Application Type drop-down list for SAML resources.
  • Canva [AAAS-13662]
  • Cybele [AAAS-13662]
  • ManageEngine [AAAS-13662]
  • Perforce [AAAS-13662]
  • VMWare Access Gateway [AAAS-13662]
  • Figma [AAAS-13273]

New Features

AuthPoint Logon App (Agent for macOS) (Beta)

Version 1.10.1 of the AuthPoint Logon app (agent for macOS) is now available to beta test. The updated agent for macOS now supports macOS Big Sur.

To get started, join the WatchGuard Beta test community.

Enhancements

• If you have a subscription license for AuthPoint, you can now successfully limit the number of users for a managed account. [AAAS-7598]

Enhancements

• In the Authentication Policy list, items in the Policy Objects column now match the formatting of items in the Resources and Groups columns. [AAAS-13521]
• At the bottom of the Users list, the drop-down menu that determines how many users to show per page now displays correctly. [AAAS-12907]

New Features

Risk Framework and Policy Management

The new risk framework and policy management structure is now publicly available. This makes it easier to create and manage authentication policies that determine what applications and resources your users have access to and how they authenticate.

Here are some of the exciting changes and new features:

• Access policies are now authentication policies.
  • Your existing access policies have been converted to authentication policies
  • You configure authentication policies separately from groups.
  • Each authentication policy can apply to multiple groups and resources.
  • You can now configure policies to deny authentications.
• You can now configure policy objects, such as Network Locations (previously called safe locations) separately from groups. This makes them easier to manage.
• You can now add users to more than one group.
• You can now sync external groups from Active Directory and Azure Active Directory to AuthPoint.

Enhancements

• Azure AD users can now successfully authenticate to RADIUS client resources that use MS-CHAPv2. [AAAS-12742]
• The AuthPoint Logon app (agent for Windows) has been updated to version 2.5.1 to support the new risk framework features. This version also resolves several minor bugs and known issues.
  • On Windows 10 machines, domain users with an expired password can now successfully set a new password and log in. [AAAS-12490]
  • Resolved an issue where users on a specific domain could log in with only password. [AAAS-12877, AAAS-13193]
  • MFA is now required for users that are members of the Protected Users security group in Active Directory. [AAAS-12984]
  • Resolved an issue where certain Microsoft errors would not cause the Logon app to show the MFA screen. MFA is now required when this happens. [AAAS-13129]
  • When you use RDP to connect to a server, AuthPoint uses the end user IP address for network locations (previously called safe locations). When the connection is done through RD Gateway, AuthPoint uses the IP address of the RD Gateway server. [AAAS-13074]
  • Resolved an issue where some users that have an account name (sAMAccount name) configured as firstname.last name got a "User not found" error message when they used the Logon app. [AAAS-13257]
  • Users can now successfully use the user principal name (user@domain) to authenticate with RDP to a computer with the Logon app installed. [AAAS-13483]
• The AuthPoint Logon app (agent for macOS) has been updated to version 1.10.0 to support the new risk framework features. This version also resolves several minor bugs and known issues.
  • When you select the Forgot Token option, you can now click How to active Forgot Token mode for help. [AAAS-10141]
  • If you enable the Forgot Token feature on the agent for macOS, it is now automatically disabled if you authenticate with MFA (you use an OTP, approve a push, or scan a QR code) since this indicates that you have regained access to your token. [AAAS-11766]
  • If you enable the Forgot Token feature, you can now successfully log in without MFA even when then computer cannot connect to AuthPoint. [AAAS-11783]
  • If you enable the Forgot Token feature, the agent for macOS no longer disables Forgot Token mode when you connect to the Internet. [AAAS-13101]
  • You can now successfully authenticate and log in offline when you have an authentication policy that only requires a password. [AAAS-13153]
• The agent for RD Web has been updated to version 1.2.0 to support the new risk framework features.
  • Users that do not have an authentication policy can no longer log in and access the RD Web page. [AAAS-13379]
  • The agent for RD Web now supports custom ports. If you do not use the default port 443, when you configure the RD Web resource in AuthPoint you must append your port to the FQDN value. For example, if you use port 8443, in the FQDN text box you would type example.com:8443. [AAAS-11590]
  • Users that have an authentication policy configured to deny access to the RD Web resource now see an error message when they try to authenticate and log in to the RD Web page. [AAAS-11761]
• The AuthPoint Gateway has been updated to version 6.1.0 to support the new risk framework features. This version also resolves several minor bugs and known issues.
  • Local AuthPoint users can now successfully authenticate to MS-CHAPv2 RADIUS client resources that use the email attribute for the filter-ID value. [AAAS-11867]
  • The RADIUS shared secret is no longer exposed when the RADIUS service is set to the debug logging level. [AAAS-12172]
  • You can now successfully configure a group sync to sync users from the Domain Users group in Active Directory. [AAAS-12740]
  • Minor bug fixes and improvements. [AAAS-7304, AAAS-9633, AAAS-12936]
• The mobile app for Android and iOS has been updated to version 1.16.0.
  • The latest version of the AuthPoint mobile app requires Android 6.0 or iOS 11.0.
  • Resolved an issue on Android mobile devices that prevented the AuthPoint app from using the camera to activate a token. You can now manually give the AuthPoint app permissions to use the camera. [AAAS-13546]
  • The message that shows when you approve a push notification to verify your identity has been updated. [AAAS-13148]
  • When you choose to migrate a third-party token, you can now successfully save the QR code for later. [AAAS-13580]
  • There are now more specific error messages for the sync token and migrate token options. [AAAS-11566, AAAS-11567]
  • The token image for third-party tokens now display correctly. [AAAS-13583]
  • Minor bug fixes and improvements. [AAAS-12803, AAAS-1358]

Enhancements

• When you add, edit, or delete a user in AuthPoint, the Audit Logs now include what groups the user belongs to. [AAAS-13259]
• You can now create and use passwords that contain both "<" and ">". [AAAS-11375]
• AuthPoint now truncates RADIUS packets to that contain more than 3000 characters for a user's group information. If the names of all a user's groups are greater than 3000 character, the group information is truncated and the response only includes the first 3000 characters of the group information. [AAAS-13222]
• The AuthPoint French language help has been updated.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• On the Group Sync page for LDAP external identities, the Cancel button has been changed to a Back button to match the other pages in the UI. [AAAS-8982]
• For Service Providers, you are now taken to the Inventory Overview page after you allocate users to a Subscriber account. [WCD-6350]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• AuthPoint has a new wizard that shows you how to configure multi-factor authentication for computers and servers with the Logon app (agent for Windows and macOS). [AAAS-10289]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• The AuthPoint Wizards now display correctly for new accounts and accounts with a trial license or subscription license. [AAAS-13011]

Enhancements

• The AuthPoint mobile app is now available from the Amazon Appstore.

Enhancements

• On the Downloads page, the Java requirements for the Gateway have been updated. We now list a minimum required version and a recommended version for both JRE and Amazon Corretto. [AAAS-13371]

Enhancements

• When you configure a SAML resource for Amazon Web Services (AWS), you now select which AuthPoint groups each Role custom attribute applies to when you create or edit the resource. This association was previously made on the Edit Group page. [AAAS-11703]
• These applications have been added to the Application Type drop-down list for SAML resources.
  • Envoy [AAAS-12175]
  • Sugar Identity [AAAS-12385]
  • TeamViewer [AAAS-11868]

Enhancements

• Minor bug fixes and improvements. [AAAS-13371]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• RD Web sessions now last for eight hours. After eight hours, users must authenticate again. [AAAS-12972]

Enhancements

• On the Downloads page, the recommended version of JDK for the Gateway has changed from JDK 11 to JDK 11.0.7. [AAAS-12891
• The Wizards page now has a context sensitive help link. [AAAS-12922]
• Minor bug fixes and improvements. [AAAS-12892]

Enhancements

• Minor bug fixes and improvements. [AAAS-9183]

New Features

AuthPoint Wizards

AuthPoint wizards are now publicly available. These interactive wizards show you how to configure AuthPoint. You can learn how to get started with AuthPoint, how to configure MFA for a VPN, and how to sync users from Active Directory.

Enhancements

• Minor bug fixes and improvements. [AAAS-12722]

Enhancements

• The mobile app for Android has been updated to version 1.15.1.
  • Minor bug fixes and improvements. [AAAS-12659, AAAS-12687, AAAS-12721, AAAS-12727]

New Features

Logon App for Windows (Agent for Windows)

Version 2.4 of the AuthPoint Logon app (agent for Windows) is now publicly available. The updated agent for Windows now automatically sends a push notification to users after they type their user name and password. Users can disable this feature.

Safe locations now support private IP addresses for Remote Desktop Protocol (RDP) connections.

Enhancements

• The AuthPoint walkthroughs beta feature is now called AuthPoint wizards.
• UDS Enterprise has been added to the Application Type drop-down list for SAML resources. [AAAS-12263]

Enhancements

• Minor bug fixes and enhancements.

Enhancements

• Minor bug fixes and enhancements.

New Features

AuthPoint Walkthroughs (Beta)

AuthPoint walkthroughs are now available to beta test. These interactive walkthroughs show you how to configure AuthPoint. You can learn how to get started with AuthPoint, how to configure MFA for a VPN, and how to sync users from Active Directory.

To get started, join the WatchGuard Beta test community.

Enhancements

• When you search for hardware tokens and include a special character in the serial number, AuthPoint returns no results instead of an error message. [AAAS-12456]
• Minor bug fixes and enhancements.

Enhancements

• When you reimport an active WatchGuard hardware token, the token now remains active. [AAAS-12534]
• The correct AuthPoint Users tile is now shown when a license expires and the grace period ends. [AAAS-12247]
•  The mobile app for Android and iOS has been updated to version 1.15.0.
  • You must now unlock each token individually. This adds additional security for your tokens. [AAAS-12041, AAAS-12042]
  • Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

New Features

Logon App (Agent for Windows) (Beta)

Version 2.4 of the AuthPoint Logon app (agent for Windows) is now available to beta test. The updated agent for Windows now automatically sends a push notification to users after they type their user name and password. Users can disable this feature.

Safe locations now support private IP addresses for Remote Desktop Protocol (RDP) connections.

To get started, join the WatchGuard Beta test community.

WatchGuard Hardware Tokens

You can now purchase and use WatchGuard hardware tokens to authenticate with AuthPoint MFA. WatchGuard hardware tokens are electronic devices that generate one-time passwords (OTPs). When you authenticate, you can use a hardware token as an alternative to the token in the AuthPoint mobile app.

To import WatchGuard hardware tokens, you simply provide the serial number of an individual hardware token or a box of hardware tokens. You do not need a seed file. This makes the process to import tokens safer and easier. You can import a WatchGuard hardware token into multiple accounts.

Enhancements

• The hardware token menu no longer has an empty space between menu options. [AAAS-12282]
• AuthPoint Help is now available in French, Japanese, and Spanish. To switch between languages in Help Center, in the top-right of the page, click the icon and select a language from the drop-down list.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

Enhancements

• You can now configure custom branding to set the default name and image for tokens in the AuthPoint mobile app. [AAAS-1452]
• The mobile app for Android and iOS has been updated to version 1.14.0.
  • The default name and image for tokens is now set by the custom branding settings in WatchGuard Cloud. [AAAS-1452]
  • Minor bug fixes and improvements.

Enhancements

• Minor bug fixes and improvements.

New Features

Logon App (Agent for macOS)

Version 1.9 of the AuthPoint Logon app (agent for macOS) is now publicly available. With the updated agent for macOS, you can now allow specific users who do not have an AuthPoint user account to log in without MFA (this feature was previously limited to the agent for Windows). Another new feature is that the agent now automatically sends a push notification to users after they type their user name and password. Users can disable this feature.

Resolved Issues

• The Logon app (agent for Windows) has been updated to version 2.3.1 to address a bug. This update reverts the functionality of the agent to version 2.2. The updates made for version 2.3.0 have been removed.

Enhancements

• Minor bug fixes and improvements.

New Features

AuthPoint Gateway

The AuthPoint Gateway version 6.0 is now publicly available. This new version supports Java 11 and Amazon Correto 11 and offers performance improvements.

Enhancements

• The AuthPoint Logon app (agent for Windows) has been updated to version 2.3.0.
  • The agent for Windows now supports safe locations for RD Gateway connections that use port 443. [AAAS-11613]
  • You can now successfully use an NCP client to connect to a VPN before you log in to your computer. [AAAS-11454]
• The mobile app for Android and iOS has been updated to version 1.13.2.
  • New tips have been added. [AAAS-10832, AAAS-11658, AAAS-11659]
  • Minor bug fixes and improvements.
• WatchGuard Cloud now generates audit logs when a user is automatically blocked. [AAAS-10445]
• These applications have been added to the Application Type drop-down list for SAML resources.
  • WordPress [AAAS-11680]
  • Shipyard [AAAS-10955]
  • Desknet NEO [AAAS-8468]
  • NextCloud [AAAS-11372]
  • JetBrains [AAAS-9977]
  • Xton Access Manager [AAAS-11110]
  • ServiceNow [AAAS-11090]

Enhancements

• When you configure the Logon app, you can now specify up to 50 non-AuthPoint users that can log in without MFA. [AAAS-11691]\

New Features

Logon App (Agent for macOS) (Beta)

Version 1.9 of the AuthPoint Logon app (agent for macOS) is now available to beta test. With the updated agent for macOS, you can now allow specific users who do not have an AuthPoint user account to log in without MFA (this feature was previously limited to the agent for Windows). Another new feature is that the agent now automatically sends a push notification to users after they type their user name and password. Users can disable this feature.

To get started, join the WatchGuard Beta test community.

Enhancements

• Minor bug fixes and improvements.

New Features

AuthPoint Gateway (Beta)

The AuthPoint Gateway version 6.0 is now available to beta test. This new version now supports Java 11 and Amazon Correto 11 and offers performance improvements.

To get started, join the WatchGuard Beta test community.

Enhancements

• The mobile app for Android and iOS has been updated to version 1.13.0.
  • You can now check if there are any pending push notifications. You might do this if you authenticate, but do not receive a push notification. [AAAS-11297, AAAS-11298]
  • When you open the AuthPoint mobile app, the app automatically checks if there are any pending push notifications. [AAAS-11295, AAAS-11296]

Enhancements

• When a WatchGuard Cloud account is deleted, the account alias used for the IdP portal is now made available for other accounts to use. [AAAS-10910]

Enhancements

• Minor bug fixes and improvements.

New Features

Sync Users to AuthPoint from Azure AD

The Azure AD feature is now publicly available. You can configure an Azure AD external identity to sync users from Azure Active Directory. This new type of external identity connects directly to Azure Active Directory. You do not have to install the AuthPoint Gateway.

Enhancements

• When you send a push notification to a user, you can now see the Request Id value. [AAAS-10550]
• In the IdP portal, custom branding is now applied to SAML resources with Others selected for the Application Type. [AAAS-10816]
• You can now create and use passwords that contain both "<" and ">". [AAAS-9275]
• These applications have been added to the Application Type drop-down list for SAML resources.
  • MobileIron [AAAS-11115]
  • F5 Big-IP APM [AAAS-11114]
  • SAP Business By Design [AAAS-11113]
  • Skytap [AAAS-11112]
  • Inuvika [AAAS-11111]
  • Cybozu [AAAS-11110]

Enhancements

• The mobile app for Android and iOS has been updated to version 1.12.0.
  • When you activate a token, you are now prompted to set the token name and image. [AAAS-8869, AAAS-8870]
  • Minor bug fixes and improvements.

Enhancements

• The AuthPoint Logon app (agent for Windows) has been updated to version 2.2.0.
  • The updated version of the agent for Windows supports safe locations for RDP. [AAAS-9669]
  • The agent for Windows is now available in these languages:
    • Chinese (China)
    • Chinese (Taiwan)
    • Dutch
    • English
    • French
    • German
    • Italian
    • Japanese
    • Korean
    • Portuguese (Brazil)
    • Portuguese (Portugal)
    • Spanish
    • Thai
• Minor bug fixes and improvements.

Enhancements

• On the Gateway page, you can now see the IP addresses of primary Gateways. [AAAS-9602]
• The AuthPoint mobile app for Android and iOS has been updated to version 1.11.0.
  • On Android devices, you can now use face and iris authentication to unlock protected tokens. [AAAS-5537, AAAS-5538]
  • There is now a Device Information option in the app menu. [AAAS-10149, AAAS-10150]

New Features

Custom Branding

Custom branding for AuthPoint is now publicly available. With this feature, you can apply custom branding to AuthPoint emails, the IdP portal, and the SSO authentication page for your account and any accounts that you manage.

Enhancements

• The AuthPoint Logon app (agent for macOS) has been updated to version 1.8.0.
• The agent for RD Web has been updated to version 1.1.1.
• The IdP portal, the agent for macOS, the agent for RD Web, and messages related to SAML authentication are now available in these languages:
  • Chinese (China)
  • Chinese (Taiwan)
  • Dutch
  • English
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Portuguese (Brazil)
  • Portuguese (Portugal)
  • Spanish
  • Thai
• These applications have been added to the Application Type drop-down list for SAML resources.
  • LogMeIn Rescue [AAAS-9081]
  • NetDocuments [AAAS-10555]
  • Pipedrive [AAAS-9561]
  • Pluralsight [AAAS-6719]

New Features

MS-CHAPv2

The RADIUS authentication for MS-CHAPv2 feature is now publicly available. With this feature, you can configure AuthPoint MFA for IKEv2 VPN clients. This is the type of VPN client that is included with Windows 8.1, Windows 10, and macOS.

Enhancements

• The AuthPoint Gateway has been updated to version 5.3.1.
• On the Downloads page, the system requirements are now listed from newest to oldest. [AAAS-10885]
• Minor bug fixes and improvements.

Enhancements

• When you run a search or apply filters to the list of users, you can now see the total number of user accounts that are returned. [AAAS-10620]
• On the Downloads page, the Windows Server 2008 R2 has been removed from the System Requirements for the Gateway installer. [AAAS-10618]
• Minor bug fixes and improvements.

New Features

Logon App (Agent for macOS)

Version 1.7 of theAuthPoint Logon app (agent for macOS) is now publicly available. The updated version of the Logon app supports macOS Catalina.

New Features

Custom Branding (Beta)

AuthPoint now supports custom branding. With this feature, you can apply custom branding to AuthPoint emails, the IdP portal, and the SSO authentication page for your account and any accounts that you manage, including:

• Logo and images in emails sent by AuthPoint
• Reply-to email address for emails sent by AuthPoint
• Logo and thumbnail on the set password and activate token web pages
• Logo, thumbnail, and background image for the IdP portal

To get started, join the WatchGuard Beta test community.

Resolved Issues

• You can now successfully create RD Web resources with a domains that has more than 220 characters. [AAAS-8662]
• For Service Providers, when you view the inventory for your own Subscriber account, the AuthPoint Overview section now correctly shows an expired message when one of your licenses has expired. [WCD-4251]

New Features

MS-CHAPv2 (Beta)

AuthPoint now supports RADIUS authentication for MS-CHAPv2. With this feature, you can configure AuthPoint MFA for IKEv2 VPN clients. This is the type of VPN client that is included with Windows 8.1, Windows 10, and macOS.

To get started, join the WatchGuard Beta test community.

Logon App (agent for Windows)

Version 2.1.3 of the AuthPoint Logon app (agent for Windows) is now publicly available. With the updated version of the Logon app, you can configure the Logon app to allow users that do not have an AuthPoint user account to log in without MFA. When you install the Logon app with the command line, you can now pass the path or content of the configuration file as a parameter.

Enhancements

• The AuthPoint mobile app for Android and iOS has been updated to version 1.10.0.
  • You can now migrate all of your WatchGuard tokens at once. [AAAS-10373, AAAS-10377]
  • There is now a Tips option in the app menu. [AAAS-10349, AAAS-10372]

Enhancements

• When you configure an LDAP external identity and select Active Directory as the type, the LDAPS toggle is now enabled by default and the default port is changed from 389 to 636. [AAAS-10393]

Enhancements

• You can now successfully create users with @ in the user name. [AAAS-9797]
• The Require Password Authentication toggle is no longer shown when you configure an access policy for Logon app, RD Web, and ADFS resources. [AAAS-8657]

Enhancements

• The AuthPoint Gateway has been updated to version 5.2.5.
• On the Logon app resource page, the Access for Non-AuthPoint Users section is now available in French, Japanese, and Spanish. [AAAS-10369]
• For LDAP external identities, the translation for the Redundant Address text boxes have been updated to Server Address and Server Port. [AAAS-10197]
• Additional messages and text in the AuthPoint management UI are now available in French, Japanese, and Spanish. [AAAS-10306, AAAS-10340]

Enhancements

• These applications have been added to the Application Type drop-down list for SAML resources.
  • M-Files[AAAS-9760]
  • VMWare Workspace ONE [AAAS-8469]
• Minor bug fixes and improvements.

New Features

Logon App for Mac (Beta)

Version 1.7 of the Logon app for Mac is now available to beta test. The updated version of the Logon app supports macOS Catalina.

To get started, join the WatchGuard Beta test community.

AuthPoint Authentication API

The AuthPoint Authentication API is now publicly available. The Authentication API is a RESTful API that you can use to add the protection of AuthPoint multi-factor authentication (MFA) to custom applications. For more information, see the API documentation.

Enhancements

• You can now resend the token activation email to multiple users at the same time. [AAAS-2796]
• Minor bug fixes and improvements.

New Features

Sync Users to AuthPoint from Azure AD (Beta)

You can now configure an Azure AD external identity to sync users from Azure Active Directory. This new type of external identity connects directly to Azure Active Directory. You do not have to install the AuthPoint Gateway.

To get started, join the WatchGuard Beta test community.

Manually Send a Push Notification to a User

You can now send a push notification to a user manually from the Users page in the AuthPoint management UI. You might send a push notification manually when you need to verify the identity of an AuthPoint user or test if a user can receive push notifications.

Enhancements

• The AuthPoint mobile app for Android and iOS has been updated to version 1.9.0.
• The feature to allow non-AuthPoint users to log in without MFA has been updated:
  • The feature is now called Access for Non-AuthPoint Users. [AAAS-10122]
  • You can now only allow specific users to log in without MFA (the option to allow all non-AuthPoint users to log in without MFA has been removed) [AAAS-10114]
• An audit log is now generated when an operator resends the token activation email to a user. [AAAS-10178]

Enhancements

• Minor bug fixes and improvements.

Enhancements

• AuthPoint trial licenses now have 250 users.

Enhancements

• The AuthPoint Gateway has been updated to version 5.2.1.173. [AAAS-9888, AAAS-9842]
• You can now filter the Users list to show only users that have a pending token. [AAAS-4897, AAAS-9842]
• For RD Web resources, the Domain text box has been changed to FQDN.
• SAP Fiori has been added to the Application Type drop-down list for SAML resources. [AAAS-9379]

Enhancements

• You can now activate tokens on the authentication (SSO) page when you log in to the IdP portal. This option is only available when you have a pending token that has not been activated. [AAAS-9201]
• The AuthPoint management UI is now available in French, Japanese, and Spanish. [WCD-2583]

Resolved Issues

• You can now successfully import Safenet third-party hardware tokens. [AAAS-8891]
• You can now successfully import Gemalto third-party hardware tokens. [AAAS-8936]

New Features

Quarantined User Removal

You can now configure AuthPoint to automatically remove quarantined users. You can choose to remove quarantined users immediately or after a specified amount of time.

Enhancements

• The AuthPoint Gateway has been updated to version 5.2.0.
  • When you configure a RADIUS client resource to send the Active Directory groups of users for the attribute 11 (Filter-ID) value in RADIUS responses, the groups are now sent as a list of values instead of a comma separated list of values. [AAAS-9748]
  • When you add or edit a Group Sync for an LDAP database with more than 1,000 groups, you can now successfully see and select all LDAP groups. [AAAS-9634]

New Features

Logon App for Windows (Beta)

Version 2.1 of the Logon app for Windows is now available to beta test. With the updated version of the Logon app, you can configure the Logon app to allow users that do not have an AuthPoint user account to log in without MFA. When you install the Logon app with the command line, you can now pass the path or content of the configuration file as a parameter.

To get started, join the WatchGuard Beta test community.

Enhancements

• You can now select and remove multiple users at the same time. [AAAS-8884]

Enhancements

• You can now assign up to 20 software tokens to each user. [AAAS-9390]
• These applications have been added to the Application Type drop-down list for SAML resources.
  • Veracode [AAAS-9387]
  • Bambu [AAAS-9386]
  • Confluence (on premise) [AAAS-9385]
  • JIRA (on premise) [AAAS-9384]
  • Join.me [AAAS-8880]
• For SAML resources, the Application Type drop-down list now has a context-sensitive help link to the integration guide for Concur. [AAAS-9383]

Resolved Issues

• The Logon app for Windows has been updated to version 2.0.2. The Logon app now correctly requires authentication for domain users that log in with RDP. [AAAS-9565]
• When you add a group sync to an external identity and select the LDAP groups to sync, there is now a scroll bar to so that content does not overflow and cover the Save and Cancel buttons. [AAAS-9001]
• When you remove an LDAP group from the group sync for an external identity, that LDAP group now correctly appears in the list of groups you can add to the group sync. You do not have to close the group sync first. [AAAS-8630]

Enhancements

• The AuthPoint mobile app for Android and iOS has been updated to version 1.8.0.
  • You can now back up and restore your third-party software tokens. [AAAS-8865, AAAS-8866]
  • On the About page, you can now see the release date for your installed version of the mobile app. [AAAS-9377, AAAS-9378]
  • You can now see the settings menu and configure settings when you first install the AuthPoint mobile app and do not have any active tokens. [AAAS-9045, AAAS-9046]

• On the Hardware Tokens page, you can now apply filters so that only certain hardware tokens are shown. [AAAS-8057]
• On the Users page, you can now apply filters so that only certain users are shown. [AAAS-4290]
• Minor bug fixes and improvements.

• The AuthPoint Gateway has been updated to version 5.1.5. You must download and install the updated Gateway by 10 October 2019. If you do not update your AuthPoint Gateway before this time and it is installed on a computer with Java JDK/JRE v8u212 or higher, the AuthPoint Gateway will no longer be able to connect to the WatchGuard Cloud AWS infrastructure and all Active Directory-based authentication will fail. For more information, see this knowledge base article. For detailed instructions to update the AuthPoint Gateway, see Update an Installed Gateway.

• These applications have been added to the Application Type drop-down list for SAML resources.
  • Slack [AAAS-8881]
  • Rapid7 [AAAS-8532]
• On the Downloads page, the system requirements for installers has been updated.
• Minor bug fixes and improvements.

• Minor bug fixes and improvements.

• AuthPoint Agent for Mac:
  • The agent now supports authentication for Active Directory users.
  • Minor bug fixes and improvements.
• Version 5 of the AuthPoint Gateway is now available.
  • You can now configure and install secondary Gateways as a failover for LDAP user authentication. [AAAS-4887]
  • You can now configure a RADIUS resource so that the Gateway sends the Active Directory group as the attribute 11 (Filter-ID) value in RADIUS responses. [AAAS-7764]
  • Minor bug fixes and improvements.

• These applications have been added to the Application Type drop-down list for SAML resources.
  • Master Control QMS [AAAS-8687, AAAS-7560]
  • Trello [AAAS-8688]
• Minor bug fixes and improvements.

• The AuthPoint mobile app for Android and iOS has been updated to version 1.7.0. [AAAS-9014, AAAS-9047]
  • For iOS, the option to edit a token name and image is now in the Edit Token menu.
  • Minor bug fixes and improvements.
• Audit logs for authentication have been improved.
  • Audit log messages for RADIUS authentication now include the request-Id and a detailed error message. [AAAS-8218]
  • Audit log messages for LDAP authentication now include a detailed error message. [AAAS-8219]
  • Audit log messages for authentication with the Logon app for Windows and Mac now include detailed error messages. [AAAS-8220]
  • Audit log messages for SAML authentication now include the request-Id and a detailed error message. [AAAS-8222]
  • Audit log messages for ADFS authentication now include the request-Id and a detailed error message. [AAAS-8223]
  • Audit log messages for push notifications now include the origin IP address and information about how long it took for the push to be answered, delivered, and generated. [AAAS-7390, AAAAS-8946]
• Service Providers can now successfully delete expired AuthPoint trial licenses in WatchGuard Cloud. [WCD-3711]
• Minor bug fixes and improvements.

• These applications have been added to the Application Type drop-down list for SAML resources.
  • Zoho [AAAS-8471]
• Minor bug fix for the RD Web agent. [AAAS-8951, AAAS-8925]
• Minor bug fixes and improvements.

• Version 5 of the AuthPoint Gateway is now available to beta test. To get started, visit our beta management site.
  • You can now configure and install secondary Gateways as a failover for LDAP user authentication. [AAAS-5303, AAAS-5304]
  • You can now specify what is sent for the attribute 11 (Filter-ID) value in RADIUS responses. [AAAS-8529, AAAS-8530, AAAS-8531, AAAS-8666]
• The Gateway page now shows your Gateways as tiles.
• The Phone Number for users can now include special characters. [AAAS-8814, AAAS-8670]
• Minor bug fixes and improvements.

• These applications have been added to the Application Type drop-down list for SAML resources. Each of these applications has a context-sensitive help link to the integration guide.
  • Zendesk [AAAS-8274, AAAS-7095]
  • Rakurakuseisan [AAAS-8235]
  • Cisco Meraki [AAAS-8367]
• The context-sensitive help link for the OneLogin integration guide now points directly to the integration guide. [AAAS-8234]
• Minor bug fixes and improvements.

• You can now download the AuthPoint agent for RD Web on the Downloads page.
• AuthPoint Agent for Mac:
  • You can now successfully update the beta version of the Logon app for Mac to the current version. [AAAS-8559]
  • Users with an access policy that requires only a password no longer see an error message when they log in without an Internet connection. [AAAS-8553]
  • You can now successfully log in when you reinstall the agent with a different configuration file. [AAAS-8368]
  • Users that are blocked or quarantined can no longer authenticate and log in when the computer does not have an Internet connection. [AAAS-7163]
• AuthPoint Agent for Windows:
  • The QR code now displays correctly on computers that have the display scale set to a value greater than 100%. [AAAS-7722]
  • You are now prompted to restart your computer when the Logon app is installed. If your computer is locked, you must log in and acknowledge the message before your computer is restarted. [AAAS-5952]
  • The Logon app now sends only two authentication requests for each incorrect login attempt. [AAAS-8201]
  • You can now successfully authenticate when you are required to change your password. [AAAS-8027]
  • Push notifications from a computer with many network adapters do not show an IP address. [AAAS-7837]
  • Users with an access policy that requires only a password no longer see the MFA page when they log in without an Internet connection. [AAAS-8552]
  • The font used for the Logon app text is now Open Sans. [AAAS-8196]
  • On the About page, the program name is now AuthPoint Agent for Windows. [AAAS-8050]
  • The About page for the Logon app now shows the correct version number. [AAAS-8516]
  • RDP now requires authentication when you log in from a safe location. [AAAS-8207, AAAS-8541]
  • The Forgot Token feature has been updated to match the appearance of the Logon app for Mac. [AAAS-7686]
• In the Add Safe Location window, the example has been updated to show a public IP address instead of a private IP address. Private IP addresses do not work for safe locations. [AAAS-8143]
• Authentication logs now save correctly for resources with names greater than 200 characters. [AAAS-7926]
• Minor bug fixes and improvements.

• Minor bug fixes and improvements.

• GitLab has been added to the Application Type drop-down list for SAML resources. [AAAS-7996]
• You can now create SAML resources that include “?” in the Service Provider Entity ID text box. [AAAS-7799]
• When you navigate to Concur to log in, you are now redirected to the IdP portal for authentication. The reason for this is that Concur only supports identity provider initiated login. [AAAS-8233]
• Minor bug fixes and improvements.

• When you import hardware tokens, you can now select which hardware tokens to import. [AAAS-8031]
• The Gateway page in the AuthPoint management UI has been updated. [AAAS-7381]
  • There is now a menu for each Gateway. Use this menu to see the Gateway Registration Key or to remove a Gateway.
  • Next to the name of each Gateway, a status icon is now shown when the Gateway is created, when a registration key is generated, and when an error occurs.
• SAML resources with long names now display correctly in the IdP portal. [AAAS-7721]
• Minor bug fixes and improvements.

• You can now import third-party hardware tokens to AuthPoint and assign them to users to use for authentication from the Hardware Tokens page in the AuthPoint management UI. [AAAS-4347]
• The Logon app for Windows has been updated to version 2.0.0.159. [AAAS-4983, AAAS-4984, AAAS-6385]
  • The authentication flow is improved. You now type your password and then see the authentication screen where you select how to authenticate. You do not have to type your password when you change authentication methods.
  • The Logon app for Windows now supports safe locations, RDP, RD Gateway, and authentication with hardware tokens.
  • When you authenticate with QR code or OTP, you no longer have to select the Offline Authentication option to authenticate without an Internet connection. This option has been removed from the UI.
• The Logon app for macOS has been updated to version 1.5.21. The Logon app now supports authentication with hardware tokens. [AAAS-5845]
• Minor bug fixes and improvements.

• Minor bug fixes and improvements.

• The Remember Password and Synchronization Interval options have been removed from the Logon app resource page. [AAAS-7277]
• Minor bug fixes and improvements.

• The AuthPoint agent for ADFS has been updated to version 1.1.67. You can now configure safe locations for ADFS. Download and install the updated agent for ADFS to use this feature. [AAAS-7471]
• The company name now displays correctly on the authentication page for ADFS. [AAAS-6606]
• Minor bug fixes and improvements. [AAAS-7757, AAAS-6439, AAAS-7751]

• Minor bug fixes and improvements. [AAAS-7693]

• RD Web has been added as a new resource type. [AAAS-5821]
• The AuthPoint agent for RD Web has been added to the Downloads page. [AAAS-5835]
• These applications have been added to the Application Type drop-down list for SAML resources. Each of these applications has a context-sensitive help link to the integration guide. [AAAS-7553]
  • BMC Remedy Force
  • Cisco ISE
  • Cisco Webex
  • CylanceProtect
  • Globalscape EFT
  • ITGlue
  • Stride
  • Thycotic Secret Server
• These applications have been renamed in the Application Type drop-down list for SAML resources. [AAAS-7441]
  • Cisco is now Cisco Umbrella
  • LogMeIn is now LogMeIn Central
  • Lucidchart is now LucidChart
  • ManageEngine is now ManageEngine PMP
• For Service Providers, in the Subscriber view, the Certificates page in the AuthPoint management UI now correctly updates when you pivot to view a different Subscriber account. [AAAS-7673]
• Minor bug fixes and improvements.

• The Logon app for Mac OS has been updated to version 1.4.
  • The Logon app for macOS now supports safe locations. [AAAS-6556]
  • When you authenticate with QR code or OTP, you no longer have to select the Offline Authentication option to authenticate without an Internet connection. This option has been removed from the UI. [AAAS-7262]
• Citrix Sharefile has been added to the Application Type drop-down list for SAML resources. [AAAS-7362]
• Minor bug fixes and improvements.

• A new Alert Rule has been added to notify you when an AuthPoint identity provider certificate is about to expire. [AAAS-7256, AAAS-7258]
• Minor bug fixes and improvements.

• Minor bug fixes and improvements.

• The AuthPoint mobile app has been updated to version 1.6.0.
  • You can now manually activate third-party tokens in the AuthPoint mobile app.
  • You can now migrate third-party tokens from one mobile device to another.
  • The time stamp of your token is now synced when you respond to a push and receive an authentication error.
  • You can now tap your screen to focus the camera when the QR code reader is open.
  • Minor bug fixes and improvements.

• You can now create and manage the certificates used for SAML authentication. From the Resources page, click Certificate to see the new Certificate Management page. [AAAS-6960]
• The issue that caused the Pending token status to not show for new users has been resolved. [AAAS-7309]

• Minor bug fixes and improvements.

• Minor bug fixes and improvements.

• You can now configure safe locations on the Edit Group page. When you configure a safe location, users can access SAML resources from the specified IP addresses without MFA. [AAAS-48]
• Audit logs are generated when you add, edit, or remove a safe location. [AAAS-6715]
• Minor bug fixes and improvements.

• Minor bug fixes and improvements.

• You can now download the ADFS installer on the Downloads page. [AAAS-702]

• The Logon app for Windows has been updated to version 1.7.2.110. This update resolves the issue that caused some push notifications to take a long time to time out. [AAAS-6400]
• When you enable the Basic Authentication option in the access policy of an Office 365 resource, the access policy now operates correctly and users must authenticate with an allowed authentication method. [AAAS-6602]
• For SAML resources, the Application Type drop-down list now has context-sensitive help links to the integration guides for Adobe, ConnectWise Control, FreshService, KnowBe4, Manage Engine, Splunk, and SugarCRM. [AAAS-6700]

• You are now redirected to the SSO login page if the IdP portal is open when your session expires. [AAAS-6510]
• When you restart your computer, your session is no longer remains active. You must log in and authenticate to access a resource or the IdP portal. [AAAS-6611]

• The AuthPoint Gateway has been updated to version 4.2.2-119.
• You can now install the AuthPoint Gateway on a Windows 2008r2 server. [AAAS-6324]
• The correct log message is now shown for successful RADIUS authentication attempts with an OTP. [AAAS-6627]
• The correct log message is now shown when you update an ADFS resource that is associated with a Gateway. [AAAS-6617]
• RADIUS authentication with an incorrect OTP is now logged as a failed authentication attempt instead of a timeout. [AAAS-6325]
• Performance improvements have been made for LDAP sync functionality. [AAAS-6318]
• You no longer see the command screens when you install the AuthPoint Gateway. [AAAS-4828]
• The issue that caused RADIUS authentication with just an OTP to fail has been resolved. [AAAS-5970]

• The Windows Logon app has been updated to version 1.7.0-102.
• Minor bug fixes and improvements.

• MFA now works with Splunk. [AAAS-6195]
• AuthPoint now supports basic authentication (ECP). You can enable this option in the Access Policy window. [AAAS-6099, AAAS-6100]
• On the Downloads page, you can no longer download the installer and the configuration file for the Logon app unless you have configured a Logon app resource. [AAAS-5333]
• You can now choose whether encryption is enabled or disabled when you upload a certificate for a SAML resource. [AAAS-5912]

• When an IdP session expires, your web browser is now automatically directed to the login page. [AAAS-6052]
• IdP portal applications are now displayed alphabetically. [AAAS-5905]
• This release improves how SAML sessions are handled when you log out of a service provider account. [AAAS-5954]

• Users can now delete blocked tokens in the AuthPoint mobile app. [AAAS-5864, AAAS-5797]
• The OTP for ConnectWise tokens now refreshes successfully on Android devices. [AAAS-5858]

• Minor bug fixes and improvements.

• The Windows Logon app has been updated to version 1.7.0-102
• The Logon app now compares the time difference between your Windows computer and WatchGuard Cloud to minimize failed authentication attempts due to timeout. [AAAS-5032]
• Users can now successfully log back on to a Windows computer with the Logon app installed and a GPO policy that does not remember the last user logged in. [AAAS-5425]
• The Forgot Token feature for the Windows Logon app now works for local users. [AAAS-5309]
• If the time on a computer or VM is changed while Forgot Token is enabled, AuthPoint now evaluates the time difference and the time frame set by the operator to the determine if the Forgot Token feature is still enabled. [AAAS-5298]

• The AuthPoint Gateway has been updated to version 4.1.1-111
• A Certificate Fingerprint button has been added to the Resources page. Use this to copy the certificate fingerprint, which some applications require to configure MFA. [AAAS-2547]
• You can now use the Forgot Token feature for RADIUS authentication. [AAAS-5554]
• The User ID text box has been removed from the RADIUS Client and IdP Portal resource pages. [AAAS-5862]
• When you add a SAML resource, the Application Type drop-down list now has context sensitive help links for applications that do not have an integration guide. [AAAS-5585]
• Concur and KnowBe4 have been added to the Application Type drop-down list for SAML resources. [AAAS-5863, AAAS-5925]
• For SAML resources, the Application Type drop-down list now has a context sensitive help link to the Confluence integration guide. [AAAS-5867]

• You now block and unblock tokens from the Token Management window. [AAAS-4921]
• PasswordPro has been added to the Application Type list for SAML resources. [AAAS-3205]
• You can now create users with @ in the user name. [AAAS-5606, AAAS-5607, AAAS-5623]

• You can now authenticate with user name or email for all RADIUS, SAML, and ADFS resources. You no longer have to configure this option for each resource.
• ADFS has been added as a new resource type. [AAAS-694]
• Bug fixes for the AuthPoint Gateway. [AAAS-5326]
• Wrike has been added to the Application Type drop-down list for SAML resources. [AAAS-5563]
• The AuthPoint mobile app now supports Kraken as a third-party token for Android and iOS. [AAAS-5017, AAAS-4751]
• You can now successfully activate a token on an Android device that has the language set to Turkish. [AAAS-5515]
• You now have the option to set a new PIN when you disable biometric protection for a token. [AAAS-4807, AAAS-5393]

• You can now download the configuration file for the Logon app on the Downloads page.
• For SAML resources, you can now select Email Prefix for the User ID. [AAAS-5415]
• When you click on a token on the Users page, the Token Management window now shows information about the device the token is activated on. [AAAS-4621]
• New applications have been added to the Application Type drop-down list on the SAML page. [AAAS-5181]
• The SSO page now shows you an error code and message when authentication fails. [AAAS-4234]
• The Back button no longer appears on the initial SSO page where you type your user name or email. [AAAS-5289]
• For external identities, you can now edit the Active Directory attribute values. [AAAS-5452]
• The Forgot Token window no longer populates with previously filled values. [AAAS-5292]
• AuthPoint now validates password length when a manually created user resets their password. Passwords must contain at least 6 characters. [AAAS-5581]
• The SSO page for SAML resources now shows the correct page name when you type an incorrect password. [AAAS-5401]
• Minor bug fixes and improvements.

• The accuracy of the geolocation information shown for push notifications and QR codes is improved. [AAAS-4301]
• Advanced queries for external identities are now validated to prevent the creation of duplicate queries. [AAAS-4557]
• The option to unregister a Gateway has been removed from the Edit Gateway page. You no longer have to unregister a Gateway when you uninstall it. [AAAS-5285]

• On the Users page, the Token column now shows a Pending status for a user who has not activated their token. [AAAS-4009]
• The issue that caused users to be sent to the IdP portal when their session expired has been resolved. This resulted in an error for users who did not have the IdP portal. [AAAS-5268]
• The Logon app for Windows now works for users with less than three characters in their user name. [AAAS-5128]
• You no longer have to download a new configuration file when you upgrade the Logon app. The Logon app installer can now use the existing configuration file. [AAAS-5209]
• If the Logon app resource is removed, MFA is no longer required and users can log in with their password. [AAAS-4957, AAAS-5125, AAAS-5129]
• The Logon app page now displays a message that tells the user if the Forgot Token feature is active and how long it is active for. This message appears whether the machine is online or offline. [AAAS-4483]
• On the Logon app page, the message that indicates how long the Forgot Token feature is active for now shows the correct time. [AAAS-5105]
• Users synced from Active Directory are now able to successfully change their password when it expires. [AAAS-5188]

• The memberOf attribute in SAML authentication responses now includes the user’s group name. [AAAS-5026]
• You can now activate tokens on iOS 9.x and 10.x mobile devices that do not support touch ID. [AAAS-5163]

• The WatchGuard AuthPoint mobile app for Android has been updated to version 1.4.0.
• Minor bug fixes and improvements.

• The AuthPoint Gateway and the Logon app for Windows have been updated.
• For external identities, you can now use the Group Sync feature to sync users from specific AD/LDAP groups without a query. You must download and install the updated AuthPoint Gateway to use this feature. [AAAS-4933, AAAS-4608, AAAS-4906, AAAS-4969, AAAS-4238]
• Overallocation no longer affects all users. If your account becomes overallocated, the status of unlicensed users is changed to Overallocated and those users cannot authenticate until your allocation is fixed. [AAAS-4627]
• AuthPoint now supports MSCHAPv2 RADIUS authentication for manually created users (not AD/LDAP users). You must download and install the updated AuthPoint Gateway to use this feature. [AAAS-891, AAAS-4511]
• The Download page is renamed to Downloads. [AAAS-4795]
• The Token Information window is renamed to Token Management. [AAAS-4922]
• AuthPoint now updates the DN for AD/LDAP users that are moved if they remain in the same group. [AAAS-4888]
• This release resolves an issue with the Logon app that caused the Forgot Token feature to not work for local users. [AAAS-4878]
• General improvements have been made to AuthPoint log messages. [AAAS-4731, AAAS-4911, AAAS-4926]

• On the Download page, you can now see when each installer was last updated. [AAAS-4796]
• For external identities, the Query function has been renamed Advanced Query. The reason for this is to avoid confusion when we release a new feature to sync users without a query. [AAAS-4906]
• The Push Timeout text box was removed from the Settings page. [AAAS-4827]
• General improvements to how AuthPoint installers are downloaded. [AAAS-4755]
• User passwords that include “\” now work correctly for authentication. [AAAS-4891]
• You can now validate queries that contain multi-byte characters. [AAAS-4862]
• General updates have been made to error messages on the Download page. [AAAS-4196]
• All instances of the term OTT in the UI have been updated to Gateway Registration Key. The term OTT is no longer used. [AAAS-4817]

• The Forgot Token feature now works for LDAP users. [AAAS-4861]
• Users are now shown an error message when they try to migrate a token without first activating a previously migrated token. [AAAS-4639]
• The format of the Set Password and Token Activation emails have been updated. [AAAS-4654]

• The IdP Portal now validates different levels of authentication. If the user has an active session (they have already authenticated and logged in), they are required to authenticate again only for resources with different MFA requirements. [AAAS-2485] [AAAS-3668]
• When the Forgot Token feature is active for a user, the single sign-on page now displays a message that tells the user that the Forgot Token feature is active and how long it is active for. [AAAS-4484]
• The notification email about denied pushes for RADIUS client resources no longer indicates the location where the push was denied (the location was not accurate because the origin of the push is the trusted IP of the firewall). [AAAS-4509]
• On the Download page, the minimum Java version listed for the Gateway has been updated to JRE 8u162. [AAAS-4353]
• This release resolves an issue that caused operators to see the Subscriber view for the wrong account when they navigated back from the IdP Portal. [AAAS-4543]

• The Gateway has been updated to improve LDAP synchronization. [AAAS-4389] [AAAS-4390] [AAAS-4391]
• User passwords for manually created users that include “=” now work correctly for RADIUS authentication. [AAAS-4248]

• MFA now works with Adobe. [AAAS-3486]
• New applications have been added to the Application Type drop-down list on the SAML page. [AAAS-4219]
• When you add a SAML resource, the Application Type drop-down list now has context sensitive help links to the AuthPoint integration guides. [AAAS-3027]
• When an LDAP/AD user selects Forgot Password on the single sign-on page, they now see an error message. [AAAS-4485]
• The Forgot Token single sign-on page now shows the Change Time Period link. [AAAS-4371]
• The text in the Set Password email has been updated. [AAAS-4255]
• The Windows Logon app installer can now get the required configuration file from the System32 directory. [AAAS-4135]
• On the LDAP Configuration page, the Password text box was renamed to Passphrase and the text for the System Account slider has been updated. [AAAS-4057]
• The Logon app for Windows has been updated. On the logon screen, the Forgot Token link has been changed to an icon and users can now log in with only their password if the access policy for the Logon app does not require authentication. [AAAS-4055]
• General improvements have been made to the Download page. [AAAS-4352]

• When you select Forgot Token for a blocked user, you now see an error message. [AAAS-4322]
• You can now successfully disable an LDAP external identity. [AAAS-4264]
• The issue that caused the External Identities page to appear when you tried to add a redundant address to an existing external identity has been resolved. [AAAS-4358]
• MFA now works correctly with BlueJeans. [AAAS-3553]
• The Edit Group page now loads correctly for groups that have a SAML resource without a custom attribute value. [AAAS-4361]
• Users with two or more tokens on the same mobile device no longer receive multiple push notifications when they authenticate. [AAAS-4063]

• The WatchGuard AuthPoint mobile app for Android has been updated to version 1.3.2 (the mobile app for iOS has not been updated).
• Performance improvements have been made to reporting functionality. [AAAS-3930]
• On the Users page, the user account menu no longer shows the Resend Set Password Email option for LDAP users. [AAAS-3948]
• The issue that caused the Add Policy window to close if you used your keyboard to select a resource has been resolved. [AAAS-3983]
• The Add button on the Resources and External Identities pages was updated to match the other pages in the UI. [AAAS-4066]
• When you disable an external identity, the Synchronization Interval text box and Add Redundant Address button no longer remain enabled. [AAAS-4292]
• The issue that prevented you from selecting an image when you edit your token in the mobile app has been resolved. [AAAS-4351]
• General updates have been made to error messages. [AAAS-4320] [AAAS-4323]

• AuthPoint now validates your active sessions when you log into a resource to determine if you must authenticate again. [AAAS-2485]
• Password Manager Pro can now enable integration with AuthPoint for SAML authentication. [AAAS-3205]
• The issue that caused the Download page to sometimes not load has been resolved. [AAAS-4218]
• The agent connection handler has been improved so that it does not send update events to AuthPoint Gateway. [AAAS-4249]

• Auto scaling improvements. [AAAS-4038]
• Set password bug fix. [AAAS-3853] [AAAS-4073]
• The endpoints used by unencrypted versions of the AuthPoint Gateway to communicate with WatchGuard Cloud have been removed. [AAAS-4031]
• Various other bug fixes and UI improvements.

• The WatchGuard AuthPoint mobile app has been updated. Download the updated app from the app store (you do not have to uninstall the current version before you update).
• The alert notification for LDAP sync now shows the number of users created, updated, and quarantined.
• The Forgot Token window now has a link to instructions that tell the user how the Forgot Token feature works and what they must do.
• The Windows Logon app no longer crashes if your Support Message contains characters reserved for JSON. The characters are: " , [ ] , { }
• Users no longer have to activate their token to authenticate and log in to resources that only require a password.
• The Activation report shows the users that have not activated their tokens. [Center Code Bug 0054]
• When you navigate back to the IdP portal with a valid session (you are still logged in), you no longer see the logon screen when the portal loads.