topic Re: Harmony Connect Identity Provider - ADFS in SASE and Remote Access

Harmony Connect Identity Provider - ADFS

Pedro_Sentinela — Tue, 21 Jun 2022 17:20:10 GMT

Hi, how are you? could someone help me with a problem? I'm experiencing an issue related to the Identity Provider in Harmony Connect. The idea is simple, is to use ADFS groups to limit who can access applications created in Harmony.

But what happens is that not all AD groups were taken to Harmony and those that are have only the same user. By selecting this group for an application, the user cannot log in even though he is within the group.

Another question that I did not find in the documentation that integration works quickly. We have already created and deleted groups in AD itself, but within harmony this information is not enough, it is as if there was a sync problem. But the connectivity status is "success".

In Session Logs, the access attempts are with the action: "Requested Access" and the details: "Granted", you must be accessing the application, correct?

Please, if you have any questions I would be very grateful.

Re: Harmony Connect Identity Provider - ADFS

PhoneBoy — Fri, 24 Jun 2022 19:16:56 GMT

Looks like we don't support automatic sync of users and groups with ADFS.
That means creating the groups and users manually in Harmony Connect (though the authentication will take place with ADFS).
See: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Connect-Admin-Guide/Topics-Harmony-Connect-AG/Settings/Identity-Providers.htm?Highlight=adfs

Re: Harmony Connect Identity Provider - ADFS

Pedro_Sentinela — Mon, 27 Jun 2022 11:28:59 GMT

valeu, phone.