https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/205528#M38790 <P>You can create local groups of the form EXT_ID_xxx (where xxx is the name of the group (with same capitalization as) in Azure AD.<BR />See: <A href="https://support.checkpoint.com/results/sk/sk177267" target="_blank">https://support.checkpoint.com/results/sk/sk177267</A>&nbsp;</P> Thu, 08 Feb 2024 23:08:59 GMT PhoneBoy 2024-02-08T23:08:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/204623#M38588 <P>Hi</P><P>I have tried configuring Azure AD as an Identity provider for Identity Awareness Access rules.</P><P>The Identity Provider object Azure is looking good.</P><P>The Azure AD object gives a green "connected" label when clicking "test connection".</P><P>All looking good. Until...</P><P>When I try to create a new access role and I browse Azure AD for users, the smartconsole throws an error saying "Failed to fetch objects from the Data Center. Please try again soon. If the issue persists, contact Check Point Support".</P><P>If I go to the drop down menu and select our on-prem AD it works as intended.</P><P>Now if I jump back and forth between the two, a couple of times, suddenly Azure AD works, and I am able to see my groups and users in Azure AD.</P><P>I can see the errors and successes in the cpm.elg log, but googling the errors gives me nothing.</P><P>&nbsp;</P><P>When it is able to browse Azure AD i get this info message in the cpm.elg log:</P><P>INFO cloud.connection.GetAllCloudElementsCodeQueryHandler [xxxxxxxxxxxxxx-xxxxxxx]: finished processing.. number of results: 100, totalCount=4314</P><P>&nbsp;</P><P>When it failes I get this error message in the cpm.elg log:</P><P>ERROR cloud.connection.GetAllCloudElementsCodeQueryHandler [xxxxxxxxxxxxxxxx-xxxxxxxx]: failed to execute command. error= at com.checkpoint.management.cloud.connection.GetAllCloudElementsCodeQueryHandler.performRemoteQUery(GetAllCloudElementsCodeQueryHandler.java:48)</P><P>&nbsp;</P><P>If the only issue was a buggy browsing experience, I wouldn't be too bothered, but none of my security policies created using Azure AD groups are working.</P><P>&nbsp;</P><P>How would I go about troubleshooting this issue? Are there other log files which may give me some more insight?</P> Wed, 31 Jan 2024 08:18:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/204623#M38588 RobinJohnsen89 2024-01-31T08:18:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/205528#M38790 <P>You can create local groups of the form EXT_ID_xxx (where xxx is the name of the group (with same capitalization as) in Azure AD.<BR />See: <A href="https://support.checkpoint.com/results/sk/sk177267" target="_blank">https://support.checkpoint.com/results/sk/sk177267</A>&nbsp;</P> Thu, 08 Feb 2024 23:08:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/205528#M38790 PhoneBoy 2024-02-08T23:08:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/205529#M38791 <P>I will look for great document someone on community sent me couple of years ago and if I find it, will attach.</P> <P>Best,</P> <P>Andy</P> Thu, 08 Feb 2024 23:14:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/205529#M38791 the_rock 2024-02-08T23:14:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/205534#M38792 <P>K, got the doc, attached. Hope it helps.</P> <P>Best,</P> <P>Andy</P> Thu, 08 Feb 2024 23:20:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Identity-Awareness-using-Azure-AD/m-p/205534#M38792 the_rock 2024-02-08T23:20:15Z