Microsoft Entra ID (formerly Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution supporting restricted access to applications with Azure Multi-Factor Authentication (MFA) built-in, single sign-on (SSO), B2B collaboration controls, self-service password, and integration with Microsoft productivity and cloud storage (Office 365, OneDrive, etc) as well as 3rd party services.
$6
per user/per month
WatchGuard AuthPoint
Score 9.1 out of 10
N/A
AuthPoint Total Identity Security provides businesses with a solution to protect user accounts and credentials. With
multi-factor authentication and dark web credential
monitoring, AuthPoint mitigates the risks associated with workforce credential
attacks. AuthPoint adds an extra layer of security by monitoring for
potential credential exposure in the dark web for both personal and corporate
accounts.
Google Workspace is really pretty much the only other primary competitor. And again, Microsoft has just been the standard for so many years and it was in place at the organization when I was first brought on at the beginning of my tenure. And so it didn't seem logical to switch …
Yeah, so basically that product to be honest, was more of a getting comfortable with cloud identification management. So that was a product I used. It has all the policies for desktops and doing updates and all that central directory identity provisioning stuff for users. Users …
We use DUO as another IDP solution and we also evaluated Okta as a solution. We didn't have a choice to be honest, because Microsoft products, you can't get away with it, but it's built in and a bunch of other providers have it as authentication, so it's great.
We've used other Microsoft products and we've also used some standalone products, like each application you can have its own identity, so we've looked at some of those too, but we try to use the Entra ID as much as possible because it offers a wider range of reliability.
We actually did just the Microsoft Active directory, so we picked the actual. We did just pure active directory. I mean the open LDAP stuff, but it didn't quite work that well.
I think the closest one would be because we recently went through an implementation, but Salesforce has their own version of a signal sign-on product. It's not the same. I'd say that it works, but it doesn't give you as much functionality.
For us, it was a natural evolution of our use of active directory. As we went from on-premises to the cloud, this was an easy extension of our authentication infrastructure. We looked at other products from Oracle, so Oracle ID, Oracle Identity Management. We looked at pink …
We used Google before, but we tried to use it but it didn't. We didn't like it. I'll this is better. It integrates better with our environment that we have right now.
We're Microsoft dedicated. We do however, displace other products that do similar things, so a lot of third party products, so even like Okta. In my opinion, it's just equally as powerful or more powerful of a product and it has a way better price point for customers. I think …
I'd love to tell you about Amazon IM and Google's IM because they suck and they tell you to use Entra ID, factually. They're like, oh cool, set it up with Entra ID. They just know you're going to do it. I don't think you guys have a competitor, to be honest. You just don't.
We're a Microsoft Native shop, so we're looking at Okta's identity tool, SailPoint and a few other competitors of Venture id. And we decided to go with this one because we're already using Active Directory, so just using the native Microsoft Suites kind of just they integrate …
Well, it's natively integrated with all Microsoft Stack, so it comes very handy when you need to, for example, use it for Intune Association, et cetera, so it's very handy.
Previously we had worked with Okta, which was kind of using our replacement for active directory server, and I know that has integrations, but we ended up just going with Entra ID just for the ease of access and without having to stack on an additional third party application …
In our application use case, it's kind of unique and there isn't any like for if there's anything on the identity space, probably Okta. Yeah. But we do both use them and we have integration with Okta and Entra ID, so it works for us very well.
Microsoft Login ID was chosen for its ease of use and availability of access via any device. Unlike the old Active Directory, it has a low learning curve and is very intuitive for analysts who are using it for the first time.
We use different 2FA providers to secure different things. We are actively using Duo now, as well as WatchGuard AuthPoint. Each provider has different strengths, and you must test the applicability of a service in your own environment.
Started looking at Yubikeys and RSA, but WatchGuard AuthPoint had complete package instead of piecemealing tokens with one vendor and then using softkeys from Microsoft or another vendor.
The biggest reason we selected Watchguard was support. We already use Watchguard firewall products and have received excellent support from our third-party vendor, Watchguard.
If you already have WatchGuard firewall, this just integrates a lot better than any other product. We tried Microsoft Authenticator but not nearly as seemless for the experience as it is with WatchGuard AuthPoint. It is all built into the same portal as the firewall and can be …
WatchGuard AuthPoint is less expensive than most competitors, easier to manage through WatchGuard Cloud, and the MFA solutions is rock solid and secure. We do not worry about vulnerabilities with WatchGuard AuthPoint.
We reviewed and tested Duo, but having already WatchGuard products, and WatchGuard AuthPoint also having more capabilities, we ended up with them. One less vendor to deal with and also knowing them for a long time and having a great relationship was the key factor to move …
We have chosen WatchGuard AuthPoint because we are gold partner and we know very well all their products. In the past we have used Safenet but we think that with Watchguard we can get a better solution to protect devices and network. End users don't need to learn difficult …
AuthPoint integrates with our WatchGuard driven security stack, and is therefor the obvious choice. Competitive pricing. One vendor means streamlined implementation and management, streamlined support.
Watchguard integrates easily into active directory which makes it very versatile. There are a lot more options inside of watchguard Authpoint versus DUO mobile authentication. It also works a lot better on end user devices in my opinion. The reliability of both products are top …
We investigated Fortinet IAM but found it costly and complex. Atuthpoint was less expensive, the mobile client was preferred by staff. The cloud console was also easier to use.
The nature of OpenVPN is that the passwords are stored on the firewall and are static. With Single Sign-On, the passwords change on schedule and complexity, length and time are set by Active Directory policy
For one, a significant factor for us is that it is integrated with HelloID, which gives us, as the IT department, a lot of time back because we don’t need to create user accounts manually. It is great for the roles we have defined, as they can be used repeatedly. A great feature is that guest accounts can be created for external users; we only need to be in a closed area of your domain.
While I cannot speak of the functionalities that we do not use, the 2nd factor authentication has been great. It's actually secure, I can control it all remotely, users don't mind the extra step, and management feels more at ease knowing that we have full access control. The VPN for remote connections is fast and stable, it stays connected during network oddities and has plenty of bandwidth.
It addresses the issue of identity management very well with respect to putting in that multi authentication.
It can also support with respect to we can push these policies into another product that is not Microsoft, but it needs that SSO so we can have one account going into multi different accounts. I think that's the biggest pros and the easy use of Microsoft 365 also is one of those pros also in terms of administration.
Works well with the free Authpoint client and the OpenVPN clinet.
Token management is simple and hosted completely in the cloud to reduce overall complexity
Setup was simple and and staighforward
Suppports several authentication methods we have used both RADIUS and SAML effectively, but ADFS, IDP, RDWeb, and RESTful API, and other custom apps are supported.
Geofencing for RDP has been very useful as it is independant of our firewall geofencing. This is quite useful for organizations like us who do not Geofence at at the firewall level so as to provide global access to resources on the DMZ.
Well, I'm an active ad admin, so there's a lot of features in active directory that Entra ID seems to be just adding now. We're kind of figuring out that the policies are different than Entra ID that they were in active directory and we're finding other products to do that, like Azure policy. Some things I'm used to seeing in identity products or like active directory aren't in Entra iID, but are doing good job of managing stuff that it does so far.
Integration with on-premise AD is not working, even after speaking with the support team, it could not get resolved. There is no better documentation on this topic as well
Integration with Azure AD is not supported without the presence of on-prem AD
Logs information is not precious, it provides a generic code in some cases, making it harder to troubleshoot.
The Watchguard AuthPoint App in AppStore has some issues, after it's activated there is no approval request being sent to the phone, and there is no way to troubleshoot this, the only way to make it work is by uninstalling the app and reinstalling it again.
Entra ID is a vital part of our Identity management/administration. With the integrations it has to other Microsoft products, setup and configuration is a breeze. Additionally, Microsoft has been around a long time and have the resources to ensure this product is stable and secure for many years to come. We know it will evolve with time to provide us what we need as technology changes.
We are very happy with Authpoint and see no reason to make any change to it. If only there was a policy to set minimum password strength requirements and to force users change their password every xx days, then it would be a 10!!!
Very easily usable. It could be easier to use. Implementation was kind of tricky. We do run a hybrid environment, so we're syncing a local active directory instance with Entra ID, so that could be a little tricky. But outside of that, if you're not running a hybrid deployment or a version of Entra ID usually, it's pretty straightforward.
After initial setup, it practically runs itself. Onboarding new users is fast and easy as it should be. The AuthPoint mobile app is small and simple to use. The only reason I do not give it a 10 is that I frequently get complaints from end users that the AuthPoint app is "constantly downloading". In fact, it's not downloading anything and that what the users are seeing in the app is a timer for the 6-digit code that changes every minute.
Microsoft has offered Azure Active Directory as a solution for a couple of decades now, so they have seen and anticipated almost any issue that an organization may face and can therefore help. The cloud offering of Azure Active Directory offers some additional "self healing" or monitoring services that can minimize the need for a service call. However, as with most large companies supporting a fast growing market, there may be some gaps in service knowledge (and particularly processing) from the front line / tier one staff as they follow a corporate script at first contact.
WatchGuard support is always quick and reliable. They have urgency levels that you are able to select when creating your support ticket, and they respond in accordance to the severity that you have set. I have never had an issue with getting someone on the phone in the same business day, even for very low priority issues.
It was an Onsite demo at the ditributor with the benefits of Watchguard Authpoint. Was very nice to see the abilities of the product. This Demo was a few years back, since then Authpoint changed allot. It is very nice for partners that you can get this demo without any aditional cost.
We use the online training for all our employees. There are both sales and technical trainings available and there even is a technical certification. You can use this for the Watchguard Partner Program which can give you aditional benefits. Every now and then you have a webinar that discusses multiple Watchguard products.
Make sure you use a good partner. Our implementation was a bit longer and more problematic than we expected. Our partner got it done, but, in my opinion, some of their inexperience and staffing issues were evident.
the first time it takes more effort. It is helpful to already understand how each authentication type works. Then it's much easier to understand the MFA solution that you implement. It is useful to check the release notes from time to time and update the key parts of the Watchguard Authpoint. Authpoint Gateway, Logon App, RDWeb... Also, it's useful to set up notifications when something goes wrong or sometimes check the statistics of how many requests are being approved/denied, etc.
Microsoft Entra ID is not as stand-alone product as competitors like Okta. It may lack some of the features that competing products have but on the other hand it integrates both technically and license wise with other Microsoft cloud services and is easy to deploy. It is also the easiest way to extend identity management to the cloud if you already have Microsoft Active Directory in use.
WatchGuard AuthPoint is easier to manage on a company-wide scale than Google Authenticator. We do use AuthPoint in conjunction with the Microsoft Authenticator but for different services. WatchGuard also has other features available, like dark web monitoring and device management, should we decide to move further services over to WatchGuard, with Google Authenticator does not have
I don't know if I can really quantify that. It's one of those products that just exists and so there's not a whole lot of changes that we need to make with the product. And so I guess in terms of value, what we get is we don't have to worry about the identity management piece. We know that that's taken care of.
We currently have 300 users on Authpoint, and most of them use insecure passwords. Authpoint gives us peace of mind that we don't have to police individual employee passwords.
In line with the comment above, with so many people in our organization using insecure passwords, I'm sure that Authpoint has already saved us from many potential security breaches.
Security breaches can cost a lot of money. Preventing them saves the company money and helps to achieve our bottom line.