AuthPoint - General — WatchGuard Community

LogonApp Error 5433

ydekraoui — Tue, 10 Mar 2026 11:53:39 +0000

Hello,

I am currently configuring LogonApp in my lab environment using the trial version and have encountered a few issues during the setup.

For local users, the LogonApp returns error 5433, even though the account has been configured as a non-MFA user and the policy allows non-MFA authentication. Despite this configuration, the same error continues to appear during logon.

For Active Directory users, the system displays a “user not found” message, although the users are correctly present in the domain and appear to be synchronized.

During my research, I came across information suggesting that a Group Policy Object (GPO) may need to be configured on the domain for the LogonApp agent to function properly. However, I was unable to find any reference to this configuration step in the videos available on the Learning Center.

I would appreciate your assistance in confirming whether a specific GPO configuration is required and in guiding me through the correct setup for this part of the implementation.

Thank you in advance for your support.

Kind regards,

Error 400.016.303

Stefano_C — Thu, 05 Feb 2026 11:29:53 +0000

What does error 400.016.303 and is there a list of error codes please?

Error code 400.003.368

Stefano_C — Tue, 03 Feb 2026 09:59:07 +0000

What does this error mean on the watchguard authpoint app?

This thread: https://community.watchguard.com/watchguard-community/discussion/2678/authpoint-error-code-402-003-311
Mentioned that there will be a error code list soon, but it's from 2022. is the list available?

Authpoint windows logon app with token passwordless

PMEAdmin — Wed, 28 Jan 2026 20:55:38 +0000

I have the Windows logon app install and configured. It comes up as MFA and we type the token code after the password. I thought this was going to be passwordless or did I not configure it correctly?

Authpoint Gateway Unable to start and crashes unexpectedly

Error_Guy_2025 — Wed, 21 Jan 2026 15:50:25 +0000

Hello everyone!

I have a strange issue where we when we try to start the authpoint service, I get an error 1067 and it crashes unexpectedly. We currently can't sync as it won't connect. If anyone has experience this before and found a solution, please let me know!

Using Intune with Authpoint

JAndersonGW6669 — Tue, 20 Jan 2026 19:48:58 +0000

All:
I'm working on getting Intune to sync workstations and keep running into a block. AzureADPrt is no and I can't get it to flip to yes. My question is can a workstation sync to Intune if I am using Authpoint as my MFA? Seems like I am missing something simple. Licensing is correct. From dsregcmd /status:

            AzureAdPrt : NO
   AzureAdPrtAuthority :
 AcquirePrtDiagnostics : PRESENT
  Previous Prt Attempt : 2026-01-20 18:54:07.221 UTC
        Attempt Status : 0xc000005f
         User Identity : XXXXXXXXXXX@XXXXXXXX.com
       Credential Type : Password
        Correlation ID : 4dd6a308-400b-4090-a3de-edb149c3d6ce
          Endpoint URI : https://login.microsoftonline.com/b9b8fda3-3026-4e58-81b3-6477129829ff/oauth2/token
           HTTP Method :
            HTTP Error : 0x0
           HTTP status : 200
     Server Error Code :

Server Error Description :
EnterprisePrt : NO

Any advice would be appreciated!

Snapdragon with Authpoint logon app

jreedtbf — Mon, 29 Dec 2025 21:41:05 +0000

I purchased a new laptop, unknowingly with a snapdragon processor and it doesn't seem like the watchguard logon app will work. It is installed but doesn't run. Has anyone been able to get this to work?

Directories and Domain Services

NetworkWise — Tue, 06 Jan 2026 05:28:06 +0000

I'm in the process of setting up authpoint and EPDR to connect to entra id. I was following the instructions here https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/external-identity_azure-ad.html and at this point i have an the external identity setup and it says connected when i use the check connection option but i don't see any users or groups from entra id. Do i need to add a authentication domain under the Directories and Domain Services then choose watchguard cloud directory?

RD Web HTML/5 Version

Andy_TCT — Thu, 04 Dec 2025 23:22:08 +0000

New to Auth Point so two questions sorry!

I've configured the RD Web connection which works OK when I use the old "Internet Explorer" interface RD Web. When I use the new HTML/5 RD Web interface Auth Point is completely bypassed and the users can log straight in. We've users connecting from Mac's and other browsers so need to use HTML/5 plus the old interface is pain for users with no SSO.

Is there a way to enable Auth Point within the HTML/5 interface please?

Thanks

Andy.

Remote Desktop Double Login

Andy_TCT — Thu, 04 Dec 2025 23:18:52 +0000

We have users connecting to Remote Desktop using MSTSC (RDP) shortcuts not RD Web as these are all internal PC's. We have the logon app on the RD Hosts which works fine.

However, when running mstsc the user logs in with the RD client and they now go to the Windows login screen where they have to login again before getting the MFA challenge.

Has anyone found a way around this so users just have to enter their credentials once?

Thanks

Andy.

How to allow local account Access

SupportAdmin — Thu, 06 Nov 2025 00:02:23 +0000

I have a local admin account created on each server and all workstations. I cannot log in because of Watchguard. How can bypass Watchguard with these local non-domain accounts? I do have a policy to bypass domain users but cannot figure out how to bypass local users.

IKEv2 Integration with AuthPoint for Active Directory Users

KostasG — Sat, 08 Nov 2025 13:35:54 +0000

Hi to the community. We have a Watchguard Firewall M290 on our HQ and 7 users that have IKEv2 VPN connections using FireboxDB accounts. We purchased 7 Authpoint licenses in order to be able to add MFA to these users. Since we are using Active directory i thought best to use the integration so that each users connects with his domaion account. I followed the official guide (https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/firebox-ikev2-vpn-radius_authpoint.html) but for the love of me i can't connect no matter what. External identity passes connection test, security group from AD is synced, i can see the 7 users , i ahave assgned and activated a token for my user butwhen i try to connect i see in the traffic monitor logs that user not exist or wrong password. The synced to Authpoint group is added to IKEv2 authentication page and Authpoint is the default authentication server. The NPS is set up, maybe the issue is there ? I dont know how to test it. I believe everything is as it should be. Has anyone else had issues before ?

How to deal with local Users?

Daniel_B — Mon, 03 Nov 2025 08:31:40 +0000

Hello,

We use Authpoint for our administrators on our servers.
We have now noticed that logging in as a local administrator does not work.
The local administrator account is only a backup in a worst-case scenario.

Is it possible to create a question for local administrators? If so, where?

Thank you very much!

Preventing users from migrating tokens

tb7108 — Tue, 28 Oct 2025 18:40:52 +0000

Does anyone have a way of preventing users for migrating authpoint MFA tokens between devices/ I put in a product enhancement request back in 2024 with no new updates once it was excepted. Any wat to control this behavior with MDM or other controls, this has become a huge problem for our organization as users will migrate tokens to devices outside our MDM

error code 400.003.312

IvanoVf — Fri, 19 Sep 2025 09:20:14 +0000

Hello.
one of my users randomly can't connect to our ressources and gets this error code on he iphone. changing the power or data saving option can't change a thing.
do you have an idea to solve this problem? is there an error code listing?
thanks for your help
regards

AuthPoint Agent for Windows 4.0

Mr_Bit — Thu, 11 Sep 2025 11:26:01 +0000

Hello,

I'm testing the new Agent 4.0 version for Windows with mixed results. The release notes states:

Agent for Windows v4.0 — Release Date: 23 May 2024
Enhancements

When you authenticate with OTP, the Logon app now automatically makes the OTP field active so you do not have to select the field before you can enter your one-time password. [AAAS-26564]

I found 3 problems:

The Release Date on the Authpoint release website ( https://www.watchguard.com/support/release-notes/Cloud/Content/en-US/AuthPoint/agent_releases.html) is wrong
the app doenst make the OTP field active, you still have to click in the first number field to enter the code
the "Enter" key on the numeric keypad does not work, i can enter the numbers but have to use the return key

Regards

Marko

Authpoint MFA Configuration for Gateways Offline

JAndersonGW6669 — Mon, 18 Aug 2025 21:35:04 +0000

I'm working on my disaster recovery plan, and an item that has come up is MFA if our Authpoint Gateways are offline due to a disaster or a long-term internet outage.

Some Questions:
Can Authpoint be configured in a way to handle the gateways offline so M365 apps are assessible? I've looked into this in the past and was told the solution was to rollback federation temporarily or give each user 2 tokens.

I have a user synced from Azure from an external identity for Entra, but it will not authenticate.

Audit Log Detail
Date/Time
2025-08-18 16:16:47
User
TestUserAzure@******.com
IP Address
usa.cloud.watchguard.com
Source
AUTH
Category
SAML
Sub-Category
LDAP
Action
UNAUTHORIZED
Target
AADSaml

Details
Origin IP: x.x.x.x
Reason: MFA did not authorize.
Error: 201.005.001 - MFA did not authorize.
Request Id: 437818fc-3f6c-471c-a9de-7c22011e8f03
Policy Used: Entra_MFA
Location Data Accuracy: Low (distance not available)
Origin Location: Minneapolis, Minnesota, United States

Entra_MFA policy points to test group user is part of. Resource for policy is AADSaml

Any advice would be appreciated!

Export Authpoint password manager

ThomasH25 — Mon, 28 Jul 2025 14:23:12 +0000

Hello,

Following the announcement of the end of life for the AuthPoint password manager, I need to transition my company to a new password management solution.

I would like to know if there is a way to export all the data stored in AuthPoint. While I have found an option to export private tabs, I am unsure if it is possible to export the corporate tab in the export menu, I am unable to modify or select the password list for export.

Thank you for your help.

Authpoint Radius Microsoft Remote Dekstop Gateway NPS

Merijn — Tue, 01 Mar 2022 15:39:17 +0000

Hi,

Does anyone has the experience to get authpoint radius authentication combined with Microsoft Remote Desktop gateway working?

Regards,

AuthPoint Error code 403.001.763

Graeme — Wed, 18 Jun 2025 04:10:47 +0000

Hi, Can someone please decode this error 403.001.763, from a user trying to activate a token from the email QR code. Just need to know what it means to point us in the right direction.

Thanks in advance.

Authpoint License Activation

pasayev — Mon, 16 Jun 2025 12:44:50 +0000

Hello,

I purchased a license for authpoint and activated it. But when I try to login my imac computer it gives following error.

The Authpoint license for this account is expired. Contact your Authpoint administrator or service provider.
What should I do?

AuthPoint MFA for Watchguard System manager and Policy Manager

keysd — Tue, 22 Feb 2022 19:47:04 +0000

MFA for firewalls, routers, and switches is going to be a requirement for our company in the near future. We're currently using AuthPoint for mobile VPN.

Is there a way to use AuthPoint MFA with WSM and Policy Manager. I see documentation to configure AuthPoint with WebUI, but I'm not finding anything that specifically mentions WSM or Policy Manager. I saw a old post in this community where James Carson mentioned that AuthPoint support for the FireboxDB was a current open Feature request back in 2019. Any update on that would be appreciated.

https://community.watchguard.com/watchguard-community/discussion/534/firewalls-admin-interface-via-mfa

I've been a WSM user for almost 20 years and rarely use WebUI. Maybe its time to start using WebUI? Is WebUI the future for Watchguard administration or is WSM here to stay as well?

IKE VPN with AuthPoint RADIUS in remote office.

jesse — Mon, 02 Jun 2025 16:13:10 +0000

Hello,
We are trying to set up IKE VPN in one of our branch offices. It needs to leverage our RADIUS server for AuthPoint that is located in our home office and connected to branch network over BOVPN. Watching the traffic the packets seem to get to the RADIUS and it responds but that never seems to arrive back at the branch WatchGuard in order to trigger AuthPoint push.
We have IKE set up in three of our locations be those all have their own RADIUS servers local to their branch. This is the first one we've tried to leverage a RADIUS server that was remote from the terminating WG.

I would appreciate direction on what we might be missing.

Authpoint Error Code: 402.003.311

Thomasw — Thu, 30 Jun 2022 14:00:12 +0000

Do not see a list of error codes anywhere to tell me what 402.003.311 points to. I did get from the forums here that 402 is IOS specific, but ...

User gets the push notification presses approve and gets authentication error 402.003.311 one time password got the user in but I would like to fix his issue if I can.

The Audit Logs and Notification do not receive the issue, anyone know what causes this error?

Software Token for MFA

sukram — Wed, 14 May 2025 09:51:54 +0000

Hello,

is it possible to use the KeepassXC software token for MFA login to Access Portal or VPN Connections?

Best

SSLVPN and Authpoint with Linux

Markus_NF — Fri, 25 Apr 2025 06:24:43 +0000

Hello everybody,
I started migrating my private computers from Windows to Linux.
Now I need to connect our companie's network using SSL VPN. We use Authpoint.

With Windows I used OPENVPN, which worked fine.

But using openvpn3 with linux, after entering username and password I get my Authpoint push request again and again.

Is there any recommended program that works properly under this conditions?

Thank you and kind regards from Germany
Markus

Authpoint Feitian Third Party Tokens

Gmanry — Wed, 23 Apr 2025 16:16:08 +0000

Hello,

We have purchased some Feitian c200s and received a seed file. It has been some years since we had to add any tokens.

We received a PDF that we rename with the zip extension and a password. That contains a simple text file with the token serial numbers and the secrets for each token.

I am stuck in a three way battle with Feitian saying that is all we need and Watchguard saying it needs to be in PSKC format with a key to unlock it.

What am I missing. There isn't any way to use the zip file in the import process. Do I need to encrypt the seed file myself with something akin to OpenSSL? I could use some help getting this squared away.

Note:

In the past they sent an XML file with a private key bin file, and that worked fine. Now they just send the txt file with no PSKC formatting. Talking to them is like talking to a brick wall.

Thanks

Glenn

Dimension and AuthPoint

Jeremy_Hodge — Thu, 24 Mar 2022 14:11:36 +0000

Has anyone gotten AuthPoint to work to provide MFA with Dimension? I'm trying to set it up using Radius and am not getting anywhere. Tried through the gateway, through NPS, etc.. Request never gets to NPS as far as I can tell. Anything I do results in the following error, which seems like AuthPoint thinks the request is not authorized at the policy level? The policy is set to All Groups as a test etc.

Date/Time
2022-03-24 09:59:49
User

IP Address
usa.cloud.watchguard.com
Source
AUTH
Category
RADIUS
Sub-Category
LDAP
Action
UNAUTHORIZED
Target
Dimension

Details
Reason: MFA did not authorize.
Error: 201.005.001 - The authentication attempt is not authorized.
Request Id: b062b803-0078-4d22-86fd-05b64ba01d7a
Policy Used: WG Dimension
Origin Location: not available

MS365 MFA with Authpoint - push notifications

Mr_P — Fri, 07 Feb 2025 11:53:37 +0000

I have been working through the process of setting up my users to use Authpoint as MFA for their MS365 accounts, and am getting some inconsistent results.
I have push notifications already work for all users, so I am happy that the app itself is configured corrected on the suers phones.
However, of the 4 accounts I have set up so far, three are not getting a push notification when signing into MS365, and one is. Those that are not, are prompted to enter a code, which works fine. So on the surface of things, all should be configured correctly you would think. Does anyone have any idea why one user is getting a push notification and the others are not?
Interestingly, in the MS My Sign-ins Security info, the user who is getting the push notifications, does not have an authenticator app configured at all - whereas the others do.
The only other difference I am aware of, is the user who is getting the push notifications uses a samsung device, all the others are Apple devices,
Any thoughts to help save my sanity??

error 400.012.310

illbrain — Wed, 22 Jan 2025 08:54:57 +0000

We try to activate a token on a Samsung Galaxy S22 5G and get the error 400.012.310. When we turn off the WiFi, the errors 400.001.301 400.001.303 appear.
The app has been reinstalled and the token is therefore also new.