About Users Synchronization


I have a question related to AuthPoint synchronization. I have communication between components (AuthPoint Gateway, AD, Firebox). But when I tried to sync the users with AuthPoint Cloud, it showed me an error. What permissions do I need to add to the "AuthPoint" user when the users to sync are in different OUs?


  • Daniele_Mammano WatchGuard Representative

    Hello @Iscott ,

    All information about the synchronization can be found here:

    Sync Your Users
    Now that you have created an external identity for your LDAP database and connected the external identity to your Gateway configuration, you must specify which users to sync from your LDAP database.

    There are two ways to query users:

    Use the group sync feature (recommended)
    Create an advanced query

    After you add a query to find your users (manually or with group sync), AuthPoint syncs with your Active Directory or LDAP database at the next synchronization interval and an AuthPoint user account is created for each user identified by the query. If your query returns more users than you have available licenses for, the sync only creates as many users as your license supports.

    LDAP users that do not have a name, user name, and email address are not included in the synchronization.

    The created user accounts appear on the Users page with a green Activated status icon next to the user name. The Activated status icon indicates that the user has been created and is currently active (not blocked). You can identify users synced from an external identity by the LDAP tag next to their name in the list of users.

    Each user is sent an email that they use to activate their token in the AuthPoint mobile app. When a user activates their token, their token information is shown in the Token column with a green Activated status icon next to the token.

    Before you continue, make sure that each user account has a valid email address. If the email address for a user account is not correct, the user cannot receive the email message to set a password and activate a token.

    For any further questions or doubts, don't hesitate to write a new post.

    -Daniele M.

  • Hello, Daniel.

    Thanks a lot for your answer.

    Yes. I have applied each step, but the result was negative. I opened a case with Support and they told me that in the current AuthPoint Gateway version there is a bug that doesn't allow the GroupSync synchronization when there are many groups created in the Active Directory server. I have used AdvancedQuery and I was able to synchronize the users.

    Thanks again for your help, Daniel.


  • I had this very same problem (Group Sync). Had an issue with a WG engineer telling me otherwise, but a week later I saw a comment in the latest beta release notes saying they'd fixed it. Tested, and yes - I can confirm the Group Sync now works again (just to reiterate - that's with the latest beta).

    All Fireboxes (T-Series, M-Series, FireboxV, Firebox Cloud etc.); EPDR, Advanced EPDR/Cytomic, Orion (Threat Hunting); WiFi, AuthPoint. WSC/Cloud. Management of a few hundred Fireboxes, and a few thousand EPDR endpoints. Platinum Partner. Views my own (if any!).
