https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257126#M496 <P>Sorry I did not take video, because of customer's info, but screenshots helped, glad to hear.</P> <P>Do NOT feel like a dork, happens man, we are here to help one another and yes, you can change that value you mentioned, but depends on your identity provider.</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-VPNRG/SAML-Support-for-Remote-Access-VPN.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-VPNRG/SAML-Support-for-Remote-Access-VPN.htm</A></P> <P>Andy</P> Thu, 11 Sep 2025 18:28:35 GMT the_rock 2025-09-11T18:28:35Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257118#M492 <P>Hey all,</P> <P>For customers with Smart-1 Cloud, are we somehow able to use GUIDBedit to modify internal parameters like the ones for SAML VPN? &nbsp;AFAIK, GUIDBedit won't use the Infinity Portal token login like SmartConsole.</P> <P>Does anyone know what would be the right way to set parameters like do_ldap_fetch and do_internal_fetch for SAML?</P> <P>Thanks!</P> <P>&nbsp;</P> Thu, 11 Sep 2025 16:29:54 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257118#M492 Duane_Toler 2025-09-11T16:29:54Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257121#M493 <P>You can use guidbedit, I will send the video later <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Andy</P> Thu, 11 Sep 2025 17:14:28 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257121#M493 the_rock 2025-09-11T17:14:28Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257122#M494 Thu, 11 Sep 2025 17:20:59 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257122#M494 the_rock 2025-09-11T17:20:59Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257123#M495 <P>Oh geez.. 🤦🏻‍<span class="lia-unicode-emoji" title=":male_sign:">♂️</span></P> <P>I feel like a dork. <span class="lia-unicode-emoji" title=":face_with_tears_of_joy:">😂</span></P> Thu, 11 Sep 2025 17:34:49 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257123#M495 Duane_Toler 2025-09-11T17:34:49Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257126#M496 <P>Sorry I did not take video, because of customer's info, but screenshots helped, glad to hear.</P> <P>Do NOT feel like a dork, happens man, we are here to help one another and yes, you can change that value you mentioned, but depends on your identity provider.</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-VPNRG/SAML-Support-for-Remote-Access-VPN.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-VPNRG/SAML-Support-for-Remote-Access-VPN.htm</A></P> <P>Andy</P> Thu, 11 Sep 2025 18:28:35 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257126#M496 the_rock 2025-09-11T18:28:35Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257139#M497 <P>Btw, here is what it says online..</P> <P><SPAN data-huuid="3371323345351622406">To correctly set&nbsp;<CODE class="mv6bHd">do_ldap_fetch</CODE>&nbsp;and&nbsp;<CODE class="mv6bHd">do_internal_fetch</CODE>&nbsp;parameters for SAML, you should set&nbsp;<CODE class="mv6bHd">do_generic_fetch</CODE>&nbsp;to&nbsp;<CODE class="mv6bHd">false</CODE>&nbsp;if using an on-premises LDAP directory to use the SAML identity provider for fetching user attributes, and set&nbsp;<CODE class="mv6bHd">do_internal_fetch</CODE>&nbsp;to&nbsp;<CODE class="mv6bHd">false</CODE>&nbsp;if you are not using an on-premises LDAP and instead rely solely on the identity provider.&nbsp;</SPAN><SPAN data-huuid="3371323345351620043">The key is to disable the general fetch or the internal fetch to ensure the SAML information is the primary source for user data.<SPAN class="pjBG2e" data-cid="ba4447f1-1cd4-4acf-bb18-c90a6bbb7896"><SPAN class="UV3uM">&nbsp;</SPAN></SPAN></SPAN></P> Fri, 12 Sep 2025 00:04:59 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257139#M497 the_rock 2025-09-12T00:04:59Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257141#M498 <P>Yep! &nbsp;I’ll be configuring this with a customer that doesn’t have a Windows AD nor internal LDAP server for any user directory info. They only have Entra ID and O365 user accounts. I plan to use identity agent on their PCs and locally defined groups and access roles.</P> <P><SPAN>VPN users will use SAML for Azure MFA.</SPAN></P> <P>It’s going to be quite an interesting configuration! Might even end up with some Identity API scripts on some internal-only Linux hosts. &nbsp;<span class="lia-unicode-emoji" title=":grinning_squinting_face:">😆</span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 12 Sep 2025 00:16:42 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257141#M498 Duane_Toler 2025-09-12T00:16:42Z https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257142#M499 <P>O yea, go for it!</P> Fri, 12 Sep 2025 00:28:40 GMT https://community.checkpoint.com/t5/Portal/Smart-1-Cloud-SAML-VPN-do-ldap-fetch-and-do-internal-fetch/m-p/257142#M499 the_rock 2025-09-12T00:28:40Z