CloudAuth Documentation
General Technical Overview
Firewalls are configured and updated through the cloud web interface.
Agent Communications
The agent communicates with the CloudAuth servers over HTTPS.
The service will attempt to retrieve the configuration pre-logon in the local machine context.
The agent will attempt to retrieve its configuration from our servers at:
- agent.cloudauth.ms
- update.cloudauth.ms
- uks1.agent.cloudauth.ms
- uks2.agent.cloudauth.ms
- uks3.agent.cloudauth.ms
- agent.cloudauth.cloudit.software
- update.cloudauth.cloudit.software
The agent service will also automatically attempt to download required prerequisites each time the browser is updated from:
- msedgedriver.azureedge.net
- msedgewebdriverstorage.blob.core.windows.net
Agent Sync
The agent syncs with the CloudAuth servers every 60 minutes, verifying the locally cached firewall configuration.
To force an on-demand sync/re-run of the agent configuration, run the CloudAuth Helper from "C:\Program Files\CloudAuth\CloudAuthHelper.exe".
Certificate Hash Validation
The CloudAuthHelper tool can be run with the command parameter queryhash, followed by the HTTPS URL, to find a certificate hash for validation:
"C:\Program Files\CloudAuth\CloudAuthHelper.exe" queryhash https://gateway.filtering.co.uk:4100
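To cross-check the hash independently of the helper, the following added example (not CloudAuth code) reads the certificate the server presents and prints its fingerprints. The function name Get-ServerCertHash is hypothetical; the page does not state which hash algorithm queryhash reports, so both SHA-1 and SHA-256 are shown, and TLS 1.2 is assumed.

```powershell
# Added example, not vendor code. Reads the certificate a server presents and
# prints its fingerprints for comparison with the value queryhash reports.
function Get-ServerCertHash {
    param(
        [Parameter(Mandatory)][uri]$Url,
        [int]$TimeoutMs = 5000
    )
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        # [uri] fills in 443 when an https URL carries no explicit port.
        if (-not $tcp.ConnectAsync($Url.Host, $Url.Port).Wait($TimeoutMs)) {
            throw "TCP connect to $($Url.Host):$($Url.Port) timed out"
        }
        # Accept whatever is presented: the goal is to read the certificate,
        # not to trust it. Trust is reported separately below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
        try {
            # Assumption: the endpoint supports TLS 1.2.
            $ssl.AuthenticateAsClient($Url.Host, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $sha = [System.Security.Cryptography.SHA256]::Create()
            try {
                # Fingerprint = hash over the DER-encoded certificate bytes.
                $sha256 = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
            } finally { $sha.Dispose() }
            [pscustomobject]@{
                Endpoint     = "$($Url.Host):$($Url.Port)"
                Subject      = $cert.Subject
                Issuer       = $cert.Issuer
                NotAfter     = $cert.NotAfter
                Sha1         = $cert.Thumbprint   # .NET thumbprint is SHA-1
                Sha256       = $sha256
                ChainTrusted = $cert.Verify()     # chain check against local trust store
            }
        } finally { $ssl.Dispose() }
    } finally { $tcp.Dispose() }
}

# URL taken from the queryhash example above.
Get-ServerCertHash -Url 'https://gateway.filtering.co.uk:4100' | Format-List
```

ChainTrusted is the result of X509Certificate2.Verify() against the local machine's trust store; it does not check that the certificate matches the host name.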
Prerequisites
- Locally Trusted SSL
- Firewall Rule Allow WG-Auth from Trusted to Firebox 4100
- Working - https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/azure-saml_ssl-vpn.html
- MFA Bypass on SAML Firebox Application in Entra for truly Seamless
- Username and Password Logon to Windows OS (Windows Hello: Pin/Biometrics not supported in current SAML)
Please contact support with any additional queries and we will be more than happy to assist.