https://community.checkpoint.com/t5/Firewall-and-Security-Management/Simplifying-Zero-Trust-Security-with-Infinity-Identity-Video/m-p/231275#M44559 <P>Slides are posted below the Q&amp;A, which is posted below the video:</P> <P><div class="lia-vid-container video-embed-center"><div id="lia-vid-6364002812112w1290h540r489" class="lia-video-brightcove-player-container"><video-js data-video-id="6364002812112" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-6364002812112w1290h540r489'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/6364002812112">(view in My Videos)</a></div></P> <H3>Is this working with Quantum Spark SMB Gateways?</H3> <P>Not currently.</P> <H3>Is it a full IdP solution?</H3> <P>Infinity Identity is for integrating with Identity Provider solutions. It is not an Identity Provider on its own.&nbsp;</P> <H3>Any UEBA features included?</H3> <P>We plan to integrate this information provided through the Identity Provider in the future.</P> <H3>What are the requirements to use Infinity Identity?</H3> <P>During the Early Availability phase:</P> <UL> <LI>R82 Management&nbsp;</LI> <LI>R81.20 JHF 65 Gateways</LI> </UL> <P>We will integrate support into future JHF</P> <H3>Does the new captive portal support multiple authentication methods, where the user can choose?</H3> <P>This will be possible in the near future.</P> <H3>Infinity Identity require any additional licenses???</H3> <P>No cost during EA phase. Cost (if any) is still under discussion.</P> <P>live answered</P> <H3>Will be same "seamless integration" available for Cisco ISE?</H3> <P>Not initially. We're looking to integrate additional source of identity. If you have specific requests in this area, please reach out to&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>.</P> <H3>Will there still be a need for the Identity Agent? How will identities be captured on the macOS side with the Identity Agent?</H3> <P>For Microsoft Intune and/or Windows Defender, we can integrate without a specific agent. In other cases, Identity Agents will still be needed.</P> <P>Note that Harmony Endpoint and Harmony SASE will be supported as an identity source in the future.</P> <H3>Are these IdPs exclusive to Infinity Identity? Will it come for on-prem environment?</H3> <P>The IdPs should also work for entirely on-premise environments, however the level of integration will be significantly improved using Infinity Identity.</P> <H3>Is there a specific integration with Entra ID, like user object score check if a user score below 80, do not give access through the firewall rulebase?</H3> <P>This is planned.</P> <H3>Are multiple Entra-ID tenants are supported?</H3> <P>Yes</P> <H3>Will identity information from the Identity Infinity be available via API?</H3> <P>Not currently. The Identity Awareness API currently queries pdp, whereas Infinity Identity talks directly to pep.&nbsp;</P> <H3>How does Infinity Identity acquire identities from Intune/Defender clients?</H3> <P>Though a management-side integration (i.e. it's not exposed on the client).</P> <H3>How will be the transition from classical AzureAD integration to Infinity ID occur?</H3> <P>Infinity Identity is another identity source that can be used alongside your existing methods.</P> <H3>How many (concurrent) users are supported during EA?</H3> <P>The limiting factor is the number of identities a single gateway can support (200,000).&nbsp;</P> <H3>Can the solution cope with dual stack IPv4 and IPv6?</H3> <P>This is planned.</P> <H3>Is connectivity from Infinity Portal to on prem AD handled via inext-agent (nano)?</H3> <P>Yes</P> <H3>Is group membership cached or is checked for every packet?</H3> <P>Cached. However, we periodically update the group information from the IdP (either poll or push depending on configuration).</P> <H3>Is this supported on Smart-1 Cloud?</H3> <P>One tenants are upgrade to R82, this should be supported.</P> <H3>Is there an on-premise Infinity Identity server planned in the future or only in the cloud?</H3> <P>Infinity Identity is hosted in Infinity Portal. The IdPs supported (outside of on-prem AD) are in the cloud already.</P> <H3>Could you use machine objects (in the access roles) or only users with EntraID/Intune integration?</H3> <P>Yes, these should be included.</P> <H3>Can i add IDP that are not in the default list?</H3> <P>There is an option to configure Generic SAML. However, you will not get the group information from Generic SAML.</P> <H3>How can I participate in the Early Availability for Infinity Identity?</H3> <P>Reach out to&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;(<A href="mailto:royip@checkpoint.com" target="_blank" rel="noopener">royip@checkpoint.com</A>)</P> Wed, 30 Oct 2024 22:09:11 GMT PhoneBoy 2024-10-30T22:09:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Simplifying-Zero-Trust-Security-with-Infinity-Identity-Video/m-p/231275#M44559 <P>Slides are posted below the Q&amp;A, which is posted below the video:</P> <P><div class="lia-vid-container video-embed-center"><div id="lia-vid-6364002812112w1290h540r587" class="lia-video-brightcove-player-container"><video-js data-video-id="6364002812112" data-account="6058022097001" data-player="default" data-embed="default" class="vjs-fluid" controls="" data-application-id="" style="width: 100%; height: 100%;"></video-js></div><script src="https://players.brightcove.net/6058022097001/default_default/index.min.js"></script><script>(function() { var wrapper = document.getElementById('lia-vid-6364002812112w1290h540r587'); var videoEl = wrapper ? wrapper.querySelector('video-js') : null; if (videoEl) { if (window.videojs) { window.videojs(videoEl).ready(function() { this.on('loadedmetadata', function() { this.el().querySelectorAll('.vjs-load-progress div[data-start]').forEach(function(bar) { bar.setAttribute('role', 'presentation'); bar.setAttribute('aria-hidden', 'true'); }); }); }); } }})();</script><a class="video-embed-link" href="https://community.checkpoint.com/t5/video/gallerypage/video-id/6364002812112">(view in My Videos)</a></div></P> <H3>Is this working with Quantum Spark SMB Gateways?</H3> <P>Not currently.</P> <H3>Is it a full IdP solution?</H3> <P>Infinity Identity is for integrating with Identity Provider solutions. It is not an Identity Provider on its own.&nbsp;</P> <H3>Any UEBA features included?</H3> <P>We plan to integrate this information provided through the Identity Provider in the future.</P> <H3>What are the requirements to use Infinity Identity?</H3> <P>During the Early Availability phase:</P> <UL> <LI>R82 Management&nbsp;</LI> <LI>R81.20 JHF 65 Gateways</LI> </UL> <P>We will integrate support into future JHF</P> <H3>Does the new captive portal support multiple authentication methods, where the user can choose?</H3> <P>This will be possible in the near future.</P> <H3>Infinity Identity require any additional licenses???</H3> <P>No cost during EA phase. Cost (if any) is still under discussion.</P> <P>live answered</P> <H3>Will be same "seamless integration" available for Cisco ISE?</H3> <P>Not initially. We're looking to integrate additional source of identity. If you have specific requests in this area, please reach out to&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>.</P> <H3>Will there still be a need for the Identity Agent? How will identities be captured on the macOS side with the Identity Agent?</H3> <P>For Microsoft Intune and/or Windows Defender, we can integrate without a specific agent. In other cases, Identity Agents will still be needed.</P> <P>Note that Harmony Endpoint and Harmony SASE will be supported as an identity source in the future.</P> <H3>Are these IdPs exclusive to Infinity Identity? Will it come for on-prem environment?</H3> <P>The IdPs should also work for entirely on-premise environments, however the level of integration will be significantly improved using Infinity Identity.</P> <H3>Is there a specific integration with Entra ID, like user object score check if a user score below 80, do not give access through the firewall rulebase?</H3> <P>This is planned.</P> <H3>Are multiple Entra-ID tenants are supported?</H3> <P>Yes</P> <H3>Will identity information from the Identity Infinity be available via API?</H3> <P>Not currently. The Identity Awareness API currently queries pdp, whereas Infinity Identity talks directly to pep.&nbsp;</P> <H3>How does Infinity Identity acquire identities from Intune/Defender clients?</H3> <P>Though a management-side integration (i.e. it's not exposed on the client).</P> <H3>How will be the transition from classical AzureAD integration to Infinity ID occur?</H3> <P>Infinity Identity is another identity source that can be used alongside your existing methods.</P> <H3>How many (concurrent) users are supported during EA?</H3> <P>The limiting factor is the number of identities a single gateway can support (200,000).&nbsp;</P> <H3>Can the solution cope with dual stack IPv4 and IPv6?</H3> <P>This is planned.</P> <H3>Is connectivity from Infinity Portal to on prem AD handled via inext-agent (nano)?</H3> <P>Yes</P> <H3>Is group membership cached or is checked for every packet?</H3> <P>Cached. However, we periodically update the group information from the IdP (either poll or push depending on configuration).</P> <H3>Is this supported on Smart-1 Cloud?</H3> <P>One tenants are upgrade to R82, this should be supported.</P> <H3>Is there an on-premise Infinity Identity server planned in the future or only in the cloud?</H3> <P>Infinity Identity is hosted in Infinity Portal. The IdPs supported (outside of on-prem AD) are in the cloud already.</P> <H3>Could you use machine objects (in the access roles) or only users with EntraID/Intune integration?</H3> <P>Yes, these should be included.</P> <H3>Can i add IDP that are not in the default list?</H3> <P>There is an option to configure Generic SAML. However, you will not get the group information from Generic SAML.</P> <H3>How can I participate in the Early Availability for Infinity Identity?</H3> <P>Reach out to&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8232">@Royi_Priov</a>&nbsp;(<A href="mailto:royip@checkpoint.com" target="_blank" rel="noopener">royip@checkpoint.com</A>)</P> Wed, 30 Oct 2024 22:09:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Simplifying-Zero-Trust-Security-with-Infinity-Identity-Video/m-p/231275#M44559 PhoneBoy 2024-10-30T22:09:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Simplifying-Zero-Trust-Security-with-Infinity-Identity-Video/m-p/231330#M44587 <P>Thanks for this exciting opportunity to share Infinity Identity.</P> <P>To join our EA program or if you have any additional questions, don't hesitate to contact me.</P> Thu, 31 Oct 2024 08:38:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Simplifying-Zero-Trust-Security-with-Infinity-Identity-Video/m-p/231330#M44587 Royi_Priov 2024-10-31T08:38:07Z