https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/223068#M6103 <P>Hello&nbsp;nzmatto 1<BR />Can u share how you configure SAML with Google? I'm try, but not work working.<BR />Are u make&nbsp;SAML Attribute Mapping on Google? If yes, how your configurated?</P><P>&nbsp;</P> Thu, 08 Aug 2024 13:16:35 GMT Icaro_IT 2024-08-08T13:16:35Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/160005#M6100 <P>Here's another wired request from the crazy kiwi.&nbsp;<BR />I have configured the Remote Access VPN to use Google SSO through a SMAL app. This seems to be working fine, however for further testing I wish to force my client to log out, including from the SSO session to force the 2FA again.</P><P>The process is I log on from the client for the first time on a device and I am prompted for a username and password, then for the Google MFA. This is fine, it's accepted and the VPN establishes. once I am finished with the VPN I can disconnect.&nbsp;</P><P>The next time I reconnect it doesn't prompt for anything, which from a user point of view is perfect. No username / password / 2fa just straight in. The secure way is the easy way.&nbsp;</P><P>However for testing I wish to force my account to log out fully, requiring the username / password / 2fa again, and I can't work out how to achieve this from the client. I have even gone as far as deleting and reinstalling the client, however even then it only asks for a username and password as somewhere in the background Google magic knows I've recently done the 2fa so it just works.&nbsp;</P><P>From the client / desktop side I he logged out from my google account and revoked all trusted devices but to no avail.&nbsp;</P><P>Is there some way from the client side I can force my account to require the 2fa like it was a new connection every time?&nbsp;</P><P>I'm wondering if this might be stored in the registry, or in a cookie or something like that.&nbsp;</P> Wed, 19 Oct 2022 23:47:06 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/160005#M6100 nzmatto1 2022-10-19T23:47:06Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/160148#M6101 <P>To achieve the desired behavior, you have to have&nbsp;ForceAuthn set to true as part of the SAML request.<BR />This is not done by default currently, but a fix for this can be obtained from the TAC by referencing&nbsp;<SPAN>TM-34402.</SPAN></P> Sat, 22 Oct 2022 00:34:24 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/160148#M6101 PhoneBoy 2022-10-22T00:34:24Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/177686#M6102 <P>We're using MS saml. I want to disable all network access unless VPNd, how can I do that?</P> Fri, 07 Apr 2023 19:08:21 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/177686#M6102 Agent_Smith 2023-04-07T19:08:21Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/223068#M6103 <P>Hello&nbsp;nzmatto 1<BR />Can u share how you configure SAML with Google? I'm try, but not work working.<BR />Are u make&nbsp;SAML Attribute Mapping on Google? If yes, how your configurated?</P><P>&nbsp;</P> Thu, 08 Aug 2024 13:16:35 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Forcing-VPN-with-SAML-Google-SSO-to-re-authenticate/m-p/223068#M6103 Icaro_IT 2024-08-08T13:16:35Z