AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting


To do 2-factor authentication with the Watchguard SSL VPN:

  • If you are using YubiKeys, they must be programmed with short IDs, because Watchguard dialogs truncate at 63 characters. For example our normal 16 byte IDs lead to YubiKey strings that are 64 characters, which is already too large and also leaves no room for password entry.  To use YubiKeys in the password field, if your YubiKeys are using 3 byte IDs, the YubiKey string will be 38 characters, leaving 25 for password entry.
  • Your Watchguard must be set to authenticate with RADIUS (LDAP must not be used with Watchguard, to prevent a problem where passwords could get logged by AuthLite inadvertently believing they were usernames)
  • Your domain needs one or more member servers or DCs running the Network Policy Service
  • The NPS radius client and network policy must be set up correctly (including a Filter-ID)
  • AuthLite must be installed on the system(s) running your NPS,
  • The AuthLite NPS plugin must be enabled.

The following steps will describe the above items in greater detail.