imamuzic
Explorer

Harmony Connect App and Identity Awareness

Hello,

What is the point of the Identity Awareness feature for Harmony Connect App Remote Users? We use Azure AD as the IDP in Harmony Connect and we noticed the same behavior regardless of Identity Awareness enable status, that is, we can filter access through Network Access policy based on Azure AD groups and users, usernames appearing in logs, etc...

From the Admin Guide I understood that when Identity Awareness is enabled it should ask users for credentials before connecting to the Harmony Connect cloud, but is this meant only for clientless users and not for Connect App users then?

Best Regards,

Igor

2 Replies

Can you clarify the scenario?

Remote Access (Network Access) to internal resources?

-or-

Internet Access (WWW) to external resources?

The latter is explained here:

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Connect-Admin-Guide/T...

imamuzic
Explorer

Well, I meant both use cases, actually... But even for the Internet access case, I would like to get some clarification about what is stated in the config guide. Is the expected flow like this (in case Identity Awareness is enabled)?

  1. If the Connect App end user is not authenticated, when the client tries to access the Internet or Internal resources (Network Access feature), the browser should pop up to do SAML with the IDP (Azure AD).
  2. The user is authenticated and the traffic will be matched by security policy referencing Azure group/username in the Source column.
  3. Traffic is logged with the client username in addition to the IP address.

Regards,

Igor