Configuring AuthPoint for SSL-VPN with AzureAD

Hi,
I can get AuthPoint to work with my SSL-VPN if I create the users manually but I'm trying to get it to authenticate to my Azure AD.

I've created a group in Azure AD called WGMobileVPNUsers and I've got AuthPoint syncing with it and pulling the user from there into my AuthPoint group I've called WGAuthPointGroup.

Then in my Firebox configuration I've added a group with a name that matches the AuthPoint group (WGAuthPointGroup) and added this to the SSL VPN.

But the users in this group can't authenticate to the VPN and don't get the AuthPoint prompt on the mobile app. The SSL client just says "Contacting server
Could not read configuration" then goes back to the login box.

I feel like I'm missing a step that allows the AuthPoint user to authenticate to my Azure AD?

I've not installed or configured any Gateway in AuthPoint so maybe that's where I'm going wrong, is that needed for Azure AD or just on premise AD?

Can somebody help me figure out where I'm going wrong please?

Many thanks,

Comments

  • Hi @HXITAdmin

    If you are using Conditional Access rules in Azure, some of your rules may deny the AuthPoint connection and you need to make an exception for the AuthPoint….

    Check the Sign-in logs in Azure Active Directory.

  • I ended up raising a case with WatchGuard support and they advised to add the AuthPoint Azure AD Integration IPs to the Trusted IPs feature in Azure AD, which has worked and resolved the problem.

    Azure Active Directory > Security > Multifactor authentication > Getting started > Configure > Additional cloud-based MFA settings > Trusted IPs > add the below IPs to 'Skip multi-factor authentication for requests from the following range of IP address subnets':
    34.218.136.36/32
    18.196.254.65/32
    13.114.41.102/32
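
Both replies come down to the same check: find failed Azure AD sign-ins whose source address is one of the AuthPoint integration IPs and see why Azure rejected them. The script below is an added example, not part of the thread or WatchGuard's tooling. It assumes sign-in records using the Microsoft Graph `signIn` field names (`ipAddress`, `userPrincipalName`, `status.errorCode`); the sample records are constructed, and the mapping of error codes 50076 and 53003 to the two fixes suggested above is this example's assumption.

```python
import ipaddress

# Source ranges quoted in the support reply above.
AUTHPOINT_RANGES = [ipaddress.ip_network(n) for n in
                    ("34.218.136.36/32", "18.196.254.65/32", "13.114.41.102/32")]

# Azure AD error codes: 50076 = MFA required, 53003 = blocked by Conditional Access.
# The suggested action per code is an assumption of this example.
CAUSES = {50076: "MFA required: check Trusted IPs",
          53003: "Conditional Access block: check policy exceptions"}

def from_authpoint(ip):
    """True if the sign-in source address falls inside an AuthPoint range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # empty or malformed ipAddress field
        return False
    return any(addr in net for net in AUTHPOINT_RANGES)

def triage(records):
    """Return (user, ip, explanation) for failed sign-ins that came from AuthPoint."""
    findings = []
    for rec in records:
        status = rec.get("status", {})
        code = status.get("errorCode", 0)
        ip = rec.get("ipAddress", "")
        if code == 0 or not from_authpoint(ip):
            continue  # successful sign-in, or not an AuthPoint request
        reason = CAUSES.get(code) or "other: " + status.get("failureReason", "unknown")
        findings.append((rec.get("userPrincipalName"), ip, reason))
    return findings

# Constructed sample records (not real log data).
SAMPLE = [
    {"userPrincipalName": "alice@example.com", "ipAddress": "34.218.136.36",
     "status": {"errorCode": 50076, "failureReason": "MFA required"}},
    {"userPrincipalName": "bob@example.com", "ipAddress": "18.196.254.65",
     "status": {"errorCode": 53003, "failureReason": "Blocked by Conditional Access"}},
    {"userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.10",
     "status": {"errorCode": 50076, "failureReason": "MFA required"}},
    {"userPrincipalName": "dave@example.com", "ipAddress": "13.114.41.102",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "erin@example.com", "ipAddress": "",
     "status": {"errorCode": 50126, "failureReason": "Invalid credentials"}},
]

if __name__ == "__main__":
    for user, ip, reason in triage(SAMPLE):
        print(f"{user:22} {ip:16} {reason}")
```

Once the Trusted IPs entry or Conditional Access exception is in place, the same run over fresh logs should return no findings for the AuthPoint addresses.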
