https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-authentication-scheme-restriction/m-p/75738#M11426 <P>Hi,</P><P>We're using Mobile Access to let employees connect to the office. We use both Checkpoint mobile with certificate and SSL-VPN with a physical token.</P><P>We implemented a new authentication scheme of Username Password (ldap) + DynamicID (sms) and it's working fine.</P><P>However, we&nbsp;<SPAN>would like to only allow selected users to be able to use this auth scheme, based on groups from Active Directory.</SPAN></P><P><SPAN>How can we accomplish that?</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 23 Feb 2020 09:56:42 GMT Jonathan 2020-02-23T09:56:42Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-authentication-scheme-restriction/m-p/75738#M11426 <P>Hi,</P><P>We're using Mobile Access to let employees connect to the office. We use both Checkpoint mobile with certificate and SSL-VPN with a physical token.</P><P>We implemented a new authentication scheme of Username Password (ldap) + DynamicID (sms) and it's working fine.</P><P>However, we&nbsp;<SPAN>would like to only allow selected users to be able to use this auth scheme, based on groups from Active Directory.</SPAN></P><P><SPAN>How can we accomplish that?</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Sun, 23 Feb 2020 09:56:42 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-authentication-scheme-restriction/m-p/75738#M11426 Jonathan 2020-02-23T09:56:42Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-authentication-scheme-restriction/m-p/76411#M11427 In order to map a user to a user group, the user must complete authentication first.<BR />Meanwhile, in order to customize the authentication flow per user group, we must know it before authentication completes.<BR />Bit of a "chicken and egg" problem.<BR /><BR />Perhaps you can leverage 'Protection Levels' which can bind certain applications to certain authentication methods. Tue, 25 Feb 2020 23:37:31 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Mobile-Access-authentication-scheme-restriction/m-p/76411#M11427 PhoneBoy 2020-02-25T23:37:31Z