https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217151#M36199 <P>Hi Mates,</P> <P>I have configured Azure saml authentication for remote access vpn. During testing, We are getting "Negotiation with site is failed" error message on client side and "user does not belong to remote access community" in smart console.</P> <P>When I changed remote access vpn community participating group to "all user", we are able to authenticate for remote vpn using saml.</P> <P>Question here is, can I map Azure identity provider group in remote access community participating group? because it does not show any identity provider group when I try to add in participating group. Or I need to keep "All user" in participating group?</P> <P>&nbsp;</P> Tue, 11 Jun 2024 17:08:52 GMT Gaurav_Pandya 2024-06-11T17:08:52Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217151#M36199 <P>Hi Mates,</P> <P>I have configured Azure saml authentication for remote access vpn. During testing, We are getting "Negotiation with site is failed" error message on client side and "user does not belong to remote access community" in smart console.</P> <P>When I changed remote access vpn community participating group to "all user", we are able to authenticate for remote vpn using saml.</P> <P>Question here is, can I map Azure identity provider group in remote access community participating group? because it does not show any identity provider group when I try to add in participating group. Or I need to keep "All user" in participating group?</P> <P>&nbsp;</P> Tue, 11 Jun 2024 17:08:52 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217151#M36199 Gaurav_Pandya 2024-06-11T17:08:52Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217172#M36205 <P>Create groups as described here:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk177267" target="_blank">https://support.checkpoint.com/results/sk/sk177267</A></P> Tue, 11 Jun 2024 18:43:20 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217172#M36205 PhoneBoy 2024-06-11T18:43:20Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217174#M36207 <P>The sk Phoneboy gave you is definitely good place to start. One of my colleagues and I had to do this for a large customer.</P> Tue, 11 Jun 2024 19:11:49 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217174#M36207 the_rock 2024-06-11T19:11:49Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217182#M36208 <P>I attached a doc that hopefully is helpful to you.</P> <P>Andy</P> Tue, 11 Jun 2024 19:26:15 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217182#M36208 the_rock 2024-06-11T19:26:15Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217252#M36222 <P>Thanks, Phoneboy. I have already created and tested with group name EXT_ID_ with no luck. I will verify configuration with Azure administrator.</P> Wed, 12 Jun 2024 08:20:13 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217252#M36222 Gaurav_Pandya 2024-06-12T08:20:13Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217253#M36223 <P>Thanks&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/38213">@the_rock</a>&nbsp;for sharing document. I will verify.</P> Wed, 12 Jun 2024 08:20:56 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217253#M36223 Gaurav_Pandya 2024-06-12T08:20:56Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217263#M36226 <P>Hope it really helps you, as we always follow it and works fine. Let me know if any issues.</P> Wed, 12 Jun 2024 11:10:39 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217263#M36226 the_rock 2024-06-12T11:10:39Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217728#M36289 <P>We have followed sk177267 &amp; sk172909 to define group in Azure. Still, it was not working, Lastly, we have configured each group has its own role which you mentioned in supplementary instruction document (Undocumented step – CRUCIAL). It did the trick. Now it is working as expected.&nbsp;</P> <P>Thanks again for sharing&nbsp;supplementary instruction document.</P> Mon, 17 Jun 2024 10:39:57 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217728#M36289 Gaurav_Pandya 2024-06-17T10:39:57Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217729#M36290 <P>I agree, thats super important step. My colleague and I got that from Azure documentation, I will write a feedback about it in the sk.</P> <P>Best,</P> <P>Andy</P> Mon, 17 Jun 2024 10:42:58 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217729#M36290 the_rock 2024-06-17T10:42:58Z https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217746#M36292 <P>Okay, just submitted a feedback.</P> <P>Andy</P> Mon, 17 Jun 2024 11:56:59 GMT https://community.checkpoint.com/t5/General-Topics/Remote-access-community-participating-group-using-Azure-saml/m-p/217746#M36292 the_rock 2024-06-17T11:56:59Z