This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
smeny
Participant
‎2021-12-22 11:19 PM

Check Point Harmony connect Identity Provider SafeNet(Thales)

Jump to solution

Hello all,

We currently want to connect the identity provider SafeNet with Check Point Harmony. Unfortunately SafeNet is not listed as a native provider, so we have to use the generic SAML interface.

So far we have not been able to transfer the correct values (groups) to Harmony, which is why no user authentication can be performed.

Do any of you have experience or have even actively integrated SafeNet?

We are grateful for every tip

Greetings Stefan

 

0 Kudos
1 Solution

Accepted Solutions
smeny
Participant
‎2022-03-09 02:25 AM

Jump to solution

Hi All,
we have managed to connect Safenet Thales to the Check Point Hamony Connect Cloud via genric SAML. attached you will find the screenshots of the configuration we created in the Safnet Thales portal. It is also important that the groups have to be created manually.

Just for Info, if somebody also want to use it

bye

Stefan

View solution in original post

Preview file
24 KB
Preview file
27 KB
0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2021-12-28 12:25 PM

Jump to solution

My understanding is that SAML itself isn't used for groups, or at least we're not using it for that.
In Azure AD, for instance, we use the Graph API to pull groups.
A specific integration would likely be an RFE.
@Royi_Priov 

0 Kudos
Royi_Priov
Employee
Employee
‎2021-12-29 03:46 AM
In response to PhoneBoy

Jump to solution

Hi,

Indeed SafeNet is not listed as one of the vendors in the Harmony Connect IDP wizard, so we need to use the generic option. It means that the users/groups will not be listed while trying to configure rules in the poilcy.

@Keren_Greenblat maybe you can elaborate better about the needed steps to make it work from HC policy point of view?

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
Keren_Greenblat
Employee
Employee
‎2021-12-29 04:15 AM
In response to Royi_Priov

Jump to solution

Hi,

 

AFAIK, SafeNet was never tried with generic (I would have known).

also there's no guarantee that it will work.

please try these steps for your configuration:

 

General SAML IDP - how to configure with customer

 

  1. Configure the wizard
  2. Be aware that full sync isn’t supported.
  3. On the IDP side use the URL’s from the connectivity page in the idp wizard (2 urls must be configured for Entity ID and reply URL(sso))
  4. Try to configure the following claims:
  • nameId – email format
  • ‘userId’ – user object id in the IDP.
  • 'First Name' – user first name
  • 'Last Name' – user last name
  • ‘email’ – user email
  • ‘groups’  or “urn:mace:dir:attribute-def:groups” as key, value should be the group name

 

if this still doesn't work, and it's a deal breaker, I will be able to join for a two hours (maximum) session to try and help.

please note, I had similar session last week for KeyCloak over generic, but after two hours we still couldn't complete relevant configuration.

Such cases are example why it cannot really done online with customer. IDP official support requires developer research that usually takes few days, and therefore closing it in a session with customer is less recommended (therefore I suggest to allocate 2 hours max for that).

0 Kudos
Norbert_Bohusch
Advisor
‎2021-12-30 01:28 AM
In response to Keren_Greenblat

Jump to solution

Hi,

I have already integrated Harmony Connect with Thales STA (Safenet Trusted Access) and it worked. But I tried it only for Harmony Connect Internet Access if I remember correctly.

I don't have it enabled anymore.

 

0 Kudos
smeny
Participant
‎2021-12-30 01:59 AM
In response to Norbert_Bohusch

Jump to solution

Hi Norbert,

Do you happen to have a screenshot or a small documentation of the values you have stored in the Safenet portal for Check Poitn Harmony?

Happy new Year !!

bye

Stefan

0 Kudos
Norbert_Bohusch
Advisor
‎2021-12-30 02:01 AM
In response to smeny

Jump to solution

Sorry, no, I have only tested it and removed the configuration directly afterwards.

0 Kudos
smeny
Participant
‎2022-03-09 02:25 AM

Jump to solution

Hi All,
we have managed to connect Safenet Thales to the Check Point Hamony Connect Cloud via genric SAML. attached you will find the screenshots of the configuration we created in the Safnet Thales portal. It is also important that the groups have to be created manually.

Just for Info, if somebody also want to use it

bye

Stefan

Preview file
24 KB
Preview file
27 KB
0 Kudos