Hypersocket (formerly Nervepoint) enables organizations to efficiently manage and administer end users and their access to disparate systems by empowering end users to manage their own accounts across multiple systems both on-premise and in the cloud, while allowing IT to gain control over user sprawl, cut support and gain in-depth business insight.
N/A
WatchGuard AuthPoint
Score 9.1 out of 10
N/A
AuthPoint Total Identity Security provides businesses with a solution to protect user accounts and credentials. With
multi-factor authentication and dark web credential
monitoring, AuthPoint mitigates the risks associated with workforce credential
attacks. AuthPoint adds an extra layer of security by monitoring for
potential credential exposure in the dark web for both personal and corporate
accounts.
One Identity is a great self-service password management system, however, it is limited to just that. As it stacks against the competition, Hypersocket isn't modular, it's an all-in-one which most other systems aren't. One Identity is what we use today for self-service, and …
Nervepoint Access Manager (NAM) has the ability to deal with multiple domains. While ServiceNow at the time we looked at the solution did not (I do not know if it does now). NAM was a more polished, mature product.
We use different 2FA providers to secure different things. We are actively using Duo now, as well as WatchGuard AuthPoint. Each provider has different strengths, and you must test the applicability of a service in your own environment.
Started looking at Yubikeys and RSA, but WatchGuard AuthPoint had complete package instead of piecemealing tokens with one vendor and then using softkeys from Microsoft or another vendor.
The biggest reason we selected Watchguard was support. We already use Watchguard firewall products and have received excellent support from our third-party vendor, Watchguard.
If you already have WatchGuard firewall, this just integrates a lot better than any other product. We tried Microsoft Authenticator but not nearly as seemless for the experience as it is with WatchGuard AuthPoint. It is all built into the same portal as the firewall and can be …
WatchGuard AuthPoint is less expensive than most competitors, easier to manage through WatchGuard Cloud, and the MFA solutions is rock solid and secure. We do not worry about vulnerabilities with WatchGuard AuthPoint.
We reviewed and tested Duo, but having already WatchGuard products, and WatchGuard AuthPoint also having more capabilities, we ended up with them. One less vendor to deal with and also knowing them for a long time and having a great relationship was the key factor to move …
We have chosen WatchGuard AuthPoint because we are gold partner and we know very well all their products. In the past we have used Safenet but we think that with Watchguard we can get a better solution to protect devices and network. End users don't need to learn difficult …
AuthPoint integrates with our WatchGuard driven security stack, and is therefor the obvious choice. Competitive pricing. One vendor means streamlined implementation and management, streamlined support.
Watchguard integrates easily into active directory which makes it very versatile. There are a lot more options inside of watchguard Authpoint versus DUO mobile authentication. It also works a lot better on end user devices in my opinion. The reliability of both products are top …
We investigated Fortinet IAM but found it costly and complex. Atuthpoint was less expensive, the mobile client was preferred by staff. The cloud console was also easier to use.
The nature of OpenVPN is that the passwords are stored on the firewall and are static. With Single Sign-On, the passwords change on schedule and complexity, length and time are set by Active Directory policy
It has great flexibility with multiple domains, and the ability to sync or not sync passwords between primary and secondary accounts. I'd like to see a more granular set of permissions for the help desk role tied to an OU path rather than a whole directory. You can [create this] by defining multiple directories based on OUs but is less flexible this way.
While I cannot speak of the functionalities that we do not use, the 2nd factor authentication has been great. It's actually secure, I can control it all remotely, users don't mind the extra step, and management feels more at ease knowing that we have full access control. The VPN for remote connections is fast and stable, it stays connected during network oddities and has plenty of bandwidth.
Works well with the free Authpoint client and the OpenVPN clinet.
Token management is simple and hosted completely in the cloud to reduce overall complexity
Setup was simple and and staighforward
Suppports several authentication methods we have used both RADIUS and SAML effectively, but ADFS, IDP, RDWeb, and RESTful API, and other custom apps are supported.
Geofencing for RDP has been very useful as it is independant of our firewall geofencing. This is quite useful for organizations like us who do not Geofence at at the firewall level so as to provide global access to resources on the DMZ.
Help-Desk functionality similar to OneIdentity Self-Service Password Manager, as it provides additional users that do not require administrative access to assist with managing end-users who may have locked themselves out of HyperSocket Access Manager by forgetting their own security questions.
Too many features which become unusable and feel like the payment plans are not flexible since it's an all-in-one product with one price. It is not necessarily a bad thing as most subscription-based pricing forces a buyer to pay more for an integral service that is only available on the highest price-plan. You really do get what you pay for, but we found many of our use-case scenarios limited the product.
This isn't necessarily against the product, just a personal opinion around Multi-Factor authentication which is always primarily driven mobile devices. Not all companies or end-users have access to a multi-factor device, (or in our case, are allowed to have access to a cell phone while servicing members/clients). This creates a shortfall to allow multi-factor functionality to extend to all users unless there are hardware tokens, which can be miss placed or left out more easily as most users don't treat it the same way they would their personal smartphone.
Integration with on-premise AD is not working, even after speaking with the support team, it could not get resolved. There is no better documentation on this topic as well
Integration with Azure AD is not supported without the presence of on-prem AD
Logs information is not precious, it provides a generic code in some cases, making it harder to troubleshoot.
The Watchguard AuthPoint App in AppStore has some issues, after it's activated there is no approval request being sent to the phone, and there is no way to troubleshoot this, the only way to make it work is by uninstalling the app and reinstalling it again.
We are very happy with Authpoint and see no reason to make any change to it. If only there was a policy to set minimum password strength requirements and to force users change their password every xx days, then it would be a 10!!!
After initial setup, it practically runs itself. Onboarding new users is fast and easy as it should be. The AuthPoint mobile app is small and simple to use. The only reason I do not give it a 10 is that I frequently get complaints from end users that the AuthPoint app is "constantly downloading". In fact, it's not downloading anything and that what the users are seeing in the app is a timer for the 6-digit code that changes every minute.
WatchGuard support is always quick and reliable. They have urgency levels that you are able to select when creating your support ticket, and they respond in accordance to the severity that you have set. I have never had an issue with getting someone on the phone in the same business day, even for very low priority issues.
It was an Onsite demo at the ditributor with the benefits of Watchguard Authpoint. Was very nice to see the abilities of the product. This Demo was a few years back, since then Authpoint changed allot. It is very nice for partners that you can get this demo without any aditional cost.
We use the online training for all our employees. There are both sales and technical trainings available and there even is a technical certification. You can use this for the Watchguard Partner Program which can give you aditional benefits. Every now and then you have a webinar that discusses multiple Watchguard products.
the first time it takes more effort. It is helpful to already understand how each authentication type works. Then it's much easier to understand the MFA solution that you implement. It is useful to check the release notes from time to time and update the key parts of the Watchguard Authpoint. Authpoint Gateway, Logon App, RDWeb... Also, it's useful to set up notifications when something goes wrong or sometimes check the statistics of how many requests are being approved/denied, etc.
One Identity is a great self-service password management system, however, it is limited to just that. As it stacks against the competition, Hypersocket isn't modular, it's an all-in-one which most other systems aren't. One Identity is what we use today for self-service, and migrated to KeePass for users centralized password manager. This probably wasn't the best move but this was all driven by cost and budgetary constraints.
WatchGuard AuthPoint is easier to manage on a company-wide scale than Google Authenticator. We do use AuthPoint in conjunction with the Microsoft Authenticator but for different services. WatchGuard also has other features available, like dark web monitoring and device management, should we decide to move further services over to WatchGuard, with Google Authenticator does not have
As with any IT Service or Solution, the investment will always be seen as a sunk cost. The only ROI would be the time and resources spent elsewhere rather than with Password Management through an IT Department or similar department. I found that the time spent on password management was about the same, as many users who are frequently forgetting a password are also forgetting their security question & answers.
There are some positives, as it was able to help manage the bulk of their non-windows passwords or passwords related to another online service. The centralized password manager doesn't feel like a true single sign-on but for most users, it replaces a hand-written copy they have taped to a monitor.
It can help with automating some of the active directory workflows with its own user provisioning functionality. Took more time to set up than it was to manage on its own.
We currently have 300 users on Authpoint, and most of them use insecure passwords. Authpoint gives us peace of mind that we don't have to police individual employee passwords.
In line with the comment above, with so many people in our organization using insecure passwords, I'm sure that Authpoint has already saved us from many potential security breaches.
Security breaches can cost a lot of money. Preventing them saves the company money and helps to achieve our bottom line.