Authpoint + user elevation

kkzlskkzls
in AuthPoint - General

Is there a way to make authpoint to prompt for approval when windows ask for elevated user credentials?

Answers

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @kkzls
    At this current point in time AuthPoint only asks for authentication when the user initially logs in.
    There is a feature request that is currently being worked on (AAAS-13391) for this functionality -- I don't have an ETA as to wen it might be available yet.

    -James Carson
    WatchGuard Customer Support

  • Al_CAl_C

    We are also looking for a solution to this matter . our insurance requires us to have the following ..

    "In addition to remote access, multi-factor authentication is required for the following, including such access provided to employees, contractors, or 3rd party service providers:
    All internal and remote administrative access to directory services (active directory, LDAP, etc.).
    All internal and remote administrative access to network backup environments.
    All internal and remote administrative access to network infrastructure (firewalls, routers, switches, etc.).
    All internal and remote administrative access to the organization’s endpoints/servers. "

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Al_C
    In most of these cases, this would fall under AAAS-13391 as the user would need to elevate permissions to access these, or the remote access would be handled via RADIUS, or logon app.

    -LDAP, etc would be handled by user elevation (AAAS-13391) or the existing logon app.
    -Network backup would either be handled by the existing logon app or via RADIUS/SAML if it's a different type of environment. The backup appliance would need to support an external logon server.
    -Firewalls/routers,etc could be handled via RADIUS or SAML depending on what they support.
    -Access to servers will be via Logon App, RADIUS, or RDWeb, depending on what those devices support.

    The big question is what do the devices you're looking to secure support? If they only support local login, for example, there won't be a great way to secure them. In some instances, using something like access portal (secured by authpoint or another SAML provider) to access an SSH or similar might work as well.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.