Support for OpenID Connect
I've been using AuthPoint with Azure Active Directory and it's working very well.
Recently I wanted to enable external authentication for ConnectWise SSO but found it only supports OpenID Connect which AuthPoint doesn't support.
So I wasn't able to make ConnectWise SSO work directly with AuthPoint.
As a work around I was able to make ConnectWise SSO use Azure Active Directory for external authentication, it works but its a bit convoluted.
The flow is like this, user navigates to ConnectWise SSO (from another ConnectWise product) > enter username > then redirect to Azure Active Directory > enter user name a 2nd time > then redirect to WatchGuard AuthPoint > enter user name a 3rd time > then authenticate and redirect back to AAD then redirect back to ConnectWise SSO.
Would be great if support for OpenID Connect could be added.
Also a side not, would be great if AuthPoint was able to somehow pickup the username when being redirected during SP initiated sign on, so that we only had to enter the username once. (e.g already populated on the AuthPoint login page), not sure if thats possible though, just a thought.
Comments
Hi @Jaz
The Connectwise service provider requires a few custom attributes to work -- can you please try applying the steps in the KB here:
https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/connectwise-control-saml_authpoint.html
If that doesn't work, there is already a feature request in place to support OpenID. The feature request # for that is AAAS-8810.
Thank you,
-James Carson
WatchGuard Customer Support
Hi James, thanks for the follow up.
The ConnectWise product I'm referring to is not ConnectWise Control but ConnectWise Home / ConnectWise SSO as per the following link.
https://docs.connectwise.com/ConnectWise_Documentation/ConnectWise_Unified_Product/ConnectWise_Home/040#Authentication_Tab
This particular product only supports OpenID Connect.
Hi @Jaz
In that event, it's not currently supported. The feature request for it is AAAS-8810. If you'd like to follow that request, please open a support case, and mention it. The rep that takes the case can set the case up to do that for you.
Thank you.
-James Carson
WatchGuard Customer Support
Thanks James
Hello,
Any update on OpenID support?
Thank you.
Hi @0xgnampf
It's currently in a planning phase and is waiting for a development team with available time.
If you would like updates, please create a support case and mention AAAS-8810 somewhere in the case text. The tech that is assigned the case can set the case up to provide status updates for you.
Thank you,
-James Carson
WatchGuard Customer Support
Thank you, James.
Hi @james.carson
Just wondering if there is any update on this. Autotask is also OpenID only.
Thank you
@~Jon S
AAAS-8810 is just a request to support OpenID.
It's open, there's no ETA at this point in time.
-James Carson
WatchGuard Customer Support
In the meantime, we also come across some web applications that do not support Radius and SAML.
To continue using Authpoint, we urgently need OIDC support in the product.
Otherwise, we will probably have to switch to another product which (because it has wider distribution) is supported by these web applications.
Hi @sziehm If you'd like to follow that request, please create a support case and mention AAAS-8810 in it. At this current point in time, there is no ETA as to when this feature might be available.
-James Carson
WatchGuard Customer Support
OIDC coming in 2024!