Applies To: AuthPoint Multi-Factor Authentication, AuthPoint Total Identity Security This topic applies to accounts with an AuthPoint Multi-Factor Authentication license or AuthPoint Total Identity Security license.
Before you can authenticate with AuthPoint, you must activate your token. A token is something that contains information that is used to identify you and associate you with a device.
You can use two types of tokens to authenticate with AuthPoint:
- Software tokens
- Hardware tokens
When you activate a token, AuthPoint sends you an email message to let you know that a token was activated for your user account. If you receive this email message and you did not activate a token, notify your AuthPoint administrator.
To enable you to activate your token from the IdP portal, your AuthPoint administrator must:
- Configure the IdP portal and enable the toggle to allow users to manage their tokens from the IdP portal.
- Configure authentication policies for the IdP portal resource.
If your AuthPoint administrator has not configured the IdP portal, or you do not have an authentication policy for the IdP portal, then you must use the activation email to activate your software token.
For hardware tokens, the IdP portal is required for users to activate their own token. If the IdP portal is not enabled or you do not have permission to manage your tokens from the IdP portal, your AuthPoint administrator must activate your hardware token for you.
Activate a Software Token
You activate a software token on a device that is used for authentication, such as a mobile phone. This device is then used to gain access to protected resources that require multi-factor authentication.
The AuthPoint app must be installed on your mobile device before you activate a mobile token.
There are two ways to activate a token on your mobile device. You can use the link in the Activation email that is sent to you or you can log in to the IdP portal and activate your token from there. You might choose to activate your token from the IdP portal if you do not receive the Activation email or if MFA is required for your email account.
By default, the token activation is valid for seven days. After that, you cannot use the activation link and QR code in the email or IdP portal for activation. To activate your token, you must ask your AuthPoint administrator to resend the token activation email.
When you use a QR code to activate a software token, AuthPoint uses a secure seed generation process that follows the OATH DSKPP standard (RFC 6063) to create your token.
To activate your token from the IdP portal:
- Open a web browser and navigate to the IdP portal. Authenticate to log in
If you navigate to the IdP portal and you do not have an active token, AuthPoint prompts you to activate your token before you log in to the IdP portal.
- Click
and select Activate a Mobile Token.
and select Activate a Mobile Token. 
- Type your password. Click Next.
- Open the AuthPoint app and scan the generated QR code to activate your token.
After you activate your token, you are prompted to set the name and display image for your token. This is optional.
To activate your token with the link in the Activation email:
- Open the Activation email you received. If you did not receive the Activation email or cannot find it, ask your AuthPoint administrator to resend the Activation email.
- Click the activation link in the email.
The Welcome to AuthPoint web page appears, with an Activate link and a QR code. - Activate your token:
- If you opened the web page on your phone, tap the Activate button. This opens the AuthPoint app and activates your token.
- If you opened the web page on your computer, open the AuthPoint app on your phone and tap Activate, then point the camera on your phone at the QR code on your computer screen.
If you have already activated an token, tap
to open the QR code reader. Then point the camera on your phone at the QR code on your computer screen.
to open the QR code reader. Then point the camera on your phone at the QR code on your computer screen. 
After you activate your token, you are prompted to set the name and display image for your token. This is optional.
Tokens are specific to the device they are activated on. If you want to use multiple devices for authentication, you must activate a separate token on each device you plan to use.
Activate a Hardware Token
A hardware token is a physical device with a built-in token that you activate. If your AuthPoint administrator does not activate your hardware token for you, you can log in to the IdP portal and activate your token from there.
To activate your hardware token from the IdP portal:
- Open a web browser and navigate to the IdP portal. Authenticate to log in
If you navigate to the IdP portal and you do not have an active token, AuthPoint prompts you to activate your token before you log in to the IdP portal.
- Click and select Activate a Hardware Token.
- Type your password. Click Next.
- In the Token Serial Number text box, type the serial number shown on your hardware token. On WatchGuard hardware tokens, the serial number is located on the back of the token.
- In the One-Time Password (OTP) text box, type the current one-time password for your token.
- Click Finish.
Related Topics
About the AuthPoint Mobile App
© 2024 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.
