https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/89377#M7 <P>Hi Ofer,</P><P>A really needed update though I am still missing more information in regards to meta data and user role assignment in Azure AD.</P><P>I get sign in error like this in Azure.</P><P><SPAN>The signed in user '{user}' is not assigned to a role for the application '{appId}'({appName}).</SPAN></P><P>I have tried to configure Azure AD Manifest file like for Sandblast Mobile SSO.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SSO Manifest settings.png" style="width: 353px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6915i0E72A656658A0D73/image-size/medium?v=v2&amp;px=400" role="button" title="SSO Manifest settings.png" alt="SSO Manifest settings.png" /></span></P><P>&nbsp;</P><P>I know CG SaaS only have two kinds of rules vs. Sandblast Mobile SSO which are "Admin" and "Read-Only"</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Azure AD Manifest file.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6919i73AB4E9C832EDDAC/image-size/medium?v=v2&amp;px=400" role="button" title="Azure AD Manifest file.png" alt="Azure AD Manifest file.png" /></span></P><P>&nbsp;</P><P>Thanks</P><P>Kim</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P> Mon, 22 Jun 2020 08:56:57 GMT Kim_Moberg 2020-06-22T08:56:57Z https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/89333#M6 <P>If you use Azure Active Directory as your Identity Provider, you can now use single sign-on (SSO) authentication with the Azure AD to log into the Infinity Portal.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OferY_0-1592777094963.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6905iAAFB5F183C045667/image-size/large?v=v2&amp;px=999" role="button" title="OferY_0-1592777094963.png" alt="OferY_0-1592777094963.png" /></span></P> <P>&nbsp;</P> <P>Azure allows the services hosted on the Infinity Portal to access the portal with the single set of credentials that the user already has.</P> <P>When you activate the SSO with Azure AD, the sign-in page automatically redirects you to the configured AzureAD sign-in page.</P> <P><STRONG>&nbsp;</STRONG></P> <P>For more details see <A href="https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Portal-Admin-Guide/Content/Topics-Infinity-Portal-Admin-Guide/SSO-Authorization-Azure.htm?tocpath=Global%20Settings%7CSSO%20Authorization%7C_____1" target="_blank" rel="noopener">Infinity Portal guide</A>.</P> Wed, 23 Jun 2021 05:23:26 GMT https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/89333#M6 OferY 2021-06-23T05:23:26Z https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/89377#M7 <P>Hi Ofer,</P><P>A really needed update though I am still missing more information in regards to meta data and user role assignment in Azure AD.</P><P>I get sign in error like this in Azure.</P><P><SPAN>The signed in user '{user}' is not assigned to a role for the application '{appId}'({appName}).</SPAN></P><P>I have tried to configure Azure AD Manifest file like for Sandblast Mobile SSO.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SSO Manifest settings.png" style="width: 353px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6915i0E72A656658A0D73/image-size/medium?v=v2&amp;px=400" role="button" title="SSO Manifest settings.png" alt="SSO Manifest settings.png" /></span></P><P>&nbsp;</P><P>I know CG SaaS only have two kinds of rules vs. Sandblast Mobile SSO which are "Admin" and "Read-Only"</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Azure AD Manifest file.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/6919i73AB4E9C832EDDAC/image-size/medium?v=v2&amp;px=400" role="button" title="Azure AD Manifest file.png" alt="Azure AD Manifest file.png" /></span></P><P>&nbsp;</P><P>Thanks</P><P>Kim</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P> Mon, 22 Jun 2020 08:56:57 GMT https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/89377#M7 Kim_Moberg 2020-06-22T08:56:57Z https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/89706#M8 <P>Hi Kim,</P> <P>&nbsp;</P> <P>Thank you for your time today.</P> <P>As concluded today, the missing piece was the mapping of the Infinity roles ("value" field) to the appRoles in the application Manifest file.</P> <P>You need to define per each Infinity role (Admin/Read-Only) the corresponding Azure application role.</P> <P>Next, you need to assign the role to the user.</P> <P>We are working to update the documentation with the above steps.</P> <P>&nbsp;</P> <P>Best regards,</P> <P>Ofer</P> Wed, 24 Jun 2020 15:43:53 GMT https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/89706#M8 OferY 2020-06-24T15:43:53Z https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/97047#M14 <P><span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></P> Sat, 19 Sep 2020 08:11:42 GMT https://community.checkpoint.com/t5/Portal/SSO-with-Azure-AD/m-p/97047#M14 mats 2020-09-19T08:11:42Z