How will my users log in if they lose their phone or don't have the token for some reason?
Users who do not have their token can work with their AuthPoint administrator to enable Forgot Token mode for their account, which allows them to log in for a period of time without the second factor.
The administrator will need to deploy the IdP portal in AuthPoint to allow the user to activate Forgot Token mode. Here is more information about the IdP portal: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/idp-portal_about.html
This document goes over the steps to get the forgot token code and activate the mode from the user's perspective: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/forgot_authenticator.html
Once the user has obtained the forgot token code, the administrator will need to enter it in the AuthPoint user dashboard and get an activation code, which the user can then use to activate Forgot Token mode. This document goes over this process from the administrator's perspective: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/forgot-authenticator-operator.html
Once the mode is activated, the user will be able to log in to any AuthPoint resource, such as the SSL VPN, using only their password. After the period of time specified by the administrator, the mode will deactivate and the user's token will be required again. If the user lost the phone, the administrator can remove their token in the AuthPoint user dashboard and issue a new one.