This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
C_M
Contributor
‎2020-04-28 09:44 AM

Identity collectors and captive portal

Is it possible to use captive portal mfa with identity collectors?

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-04-28 12:14 PM

Identity Collector will pull information from Active Directory and doesn't use MFA.
If you want some users to authenticate with Captive Portal and MFA from a non-AD identity source, you can do that too.
0 Kudos
C_M
Contributor
‎2020-04-28 12:16 PM
In response to PhoneBoy

If MFA is mandated and identity collectors are desired so that AD groups can be used, is it possible to use both captive portal (MFA) and identity collectors (AD groups query)?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-28 03:54 PM
In response to C_M

Identity Collector is a specific tool that runs on a Windows machine that relays people who have already authenticated with Active Directory to a Check Point gateway.
Active Directory is performing the authentication of the user in this case, thus we do not get involved with MFA here.
Based on information gathered from Active Directory, Identity Collector communicates which user authenticated at which IP address to the configured Check Point gateway.

Captive Portal is another way to acquire identities.
Depending on the authentication mechanism used, Captive Portal can require MFA.

Can both methods be used to gather identities? Yes.
Regardless of how the identity is gathered, the gateway looks up the users in LDAP to determine what Access Roles (and rules) apply.
0 Kudos
David_C1
Advisor
‎2020-04-29 12:01 PM
In response to PhoneBoy

"Regardless of how the identity is gathered, the gateway looks up the users in LDAP to determine what Access Roles (and rules) apply."

 

True if f the Users in the Access Role is set to AD domain (or other LDAP source). You can also select Internal User Groups, which would then not look up users in LDAP to determine Access Role

 

Dave

(Been doing a lot of testing with Access Roles and authentication methods the last few days)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events