https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120033#M16991 <P>Hi all,</P><P>&nbsp;</P><P>Since we have hardened our Windows 10 systems we noticed that the identity agent is no longer automatically logging in.</P><P>First we thought this had something to do with the network discovery so we've configured the server (gateway) manually within the agent. However no change.</P><P>&nbsp;</P><P>I'm looking for information on the "inner workings" of the agent to find out why the user is not able to SSO directly. We have tested on laptop system with cached credentials still enabled but the same issue occurs.</P> Tue, 01 Jun 2021 07:49:41 GMT Tom_Heesmans 2021-06-01T07:49:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120033#M16991 <P>Hi all,</P><P>&nbsp;</P><P>Since we have hardened our Windows 10 systems we noticed that the identity agent is no longer automatically logging in.</P><P>First we thought this had something to do with the network discovery so we've configured the server (gateway) manually within the agent. However no change.</P><P>&nbsp;</P><P>I'm looking for information on the "inner workings" of the agent to find out why the user is not able to SSO directly. We have tested on laptop system with cached credentials still enabled but the same issue occurs.</P> Tue, 01 Jun 2021 07:49:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120033#M16991 Tom_Heesmans 2021-06-01T07:49:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120066#M16992 <P>What precise steps did you take to harden Windows 10?<BR />Tagging&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;also.</P> Tue, 01 Jun 2021 13:43:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120066#M16992 PhoneBoy 2021-06-01T13:43:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120067#M16993 <P>We did a lot, &lt;correction&gt; we applied CIS level 1.</P> Tue, 01 Jun 2021 14:44:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120067#M16993 Tom_Heesmans 2021-06-01T14:44:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120302#M17040 <P>I suggest checking this thread:<BR /><A href="https://community.checkpoint.com/t5/Management/When-will-AES-256-AES-128-Kerberos-cipher-suites-finally-be/td-p/2941" target="_blank">https://community.checkpoint.com/t5/Management/When-will-AES-256-AES-128-Kerberos-cipher-suites-finally-be/td-p/2941</A></P> <P>I guess your hardening disabled some legacy ciphers for Kerberos on your clients, so you have to adjust Identity Awareness config to use modern ciphers your client still supports.</P> <P><A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/IDAG/pdp-auth.htm" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/IDAG/pdp-auth.htm</A></P> <P>&nbsp;</P> Thu, 03 Jun 2021 14:51:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-agent-no-SSO-after-hardening/m-p/120302#M17040 Tobias_Moritz 2021-06-03T14:51:53Z