Support for OpenID Connect

I've been using AuthPoint with Azure Active Directory and it's working very well.
Recently I wanted to enable external authentication for ConnectWise SSO but found it only supports OpenID Connect which AuthPoint doesn't support.

So I wasn't able to make ConnectWise SSO work directly with AuthPoint.

As a work around I was able to make ConnectWise SSO use Azure Active Directory for external authentication, it works but its a bit convoluted.

The flow is like this, user navigates to ConnectWise SSO (from another ConnectWise product) > enter username > then redirect to Azure Active Directory > enter user name a 2nd time > then redirect to WatchGuard AuthPoint > enter user name a 3rd time > then authenticate and redirect back to AAD then redirect back to ConnectWise SSO.

Would be great if support for OpenID Connect could be added.

Also a side not, would be great if AuthPoint was able to somehow pickup the username when being redirected during SP initiated sign on, so that we only had to enter the username once. (e.g already populated on the AuthPoint login page), not sure if thats possible though, just a thought.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Jaz

    The Connectwise service provider requires a few custom attributes to work -- can you please try applying the steps in the KB here:

    https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/connectwise-control-saml_authpoint.html

    If that doesn't work, there is already a feature request in place to support OpenID. The feature request # for that is AAAS-8810.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • Hi James, thanks for the follow up.

    The ConnectWise product I'm referring to is not ConnectWise Control but ConnectWise Home / ConnectWise SSO as per the following link.

    https://docs.connectwise.com/ConnectWise_Documentation/ConnectWise_Unified_Product/ConnectWise_Home/040#Authentication_Tab

    This particular product only supports OpenID Connect.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Jaz

    In that event, it's not currently supported. The feature request for it is AAAS-8810. If you'd like to follow that request, please open a support case, and mention it. The rep that takes the case can set the case up to do that for you.

    Thank you.

    -James Carson
    WatchGuard Customer Support

  • Thanks James

  • Hello,

    Any update on OpenID support?

    Thank you.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @0xgnampf

    It's currently in a planning phase and is waiting for a development team with available time.

    If you would like updates, please create a support case and mention AAAS-8810 somewhere in the case text. The tech that is assigned the case can set the case up to provide status updates for you.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • Thank you, James.

  • Hi @james.carson

    Just wondering if there is any update on this. Autotask is also OpenID only.

    Thank you

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @~Jon S
    AAAS-8810 is just a request to support OpenID.
    It's open, there's no ETA at this point in time.

    -James Carson
    WatchGuard Customer Support

  • In the meantime, we also come across some web applications that do not support Radius and SAML.
    To continue using Authpoint, we urgently need OIDC support in the product.
    Otherwise, we will probably have to switch to another product which (because it has wider distribution) is supported by these web applications.

  • james.carsonjames.carson Moderator, WatchGuard Representative
    edited October 2023

    Hi @sziehm If you'd like to follow that request, please create a support case and mention AAAS-8810 in it. At this current point in time, there is no ETA as to when this feature might be available.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.