Identity collectors and captive portal
Is it possible to use captive portal MFA with identity collectors?
4 Replies
Identity Collector will pull information from Active Directory and doesn't use MFA.
If you want some users to authenticate with Captive Portal and MFA from a non-AD identity source, you can do that too.
If MFA is mandated and identity collectors are desired so that AD groups can be used, is it possible to use both captive portal (MFA) and identity collectors (AD groups query)?
Identity Collector is a specific tool that runs on a Windows machine that relays people who have already authenticated with Active Directory to a Check Point gateway.
Active Directory is performing the authentication of the user in this case, thus we do not get involved with MFA here.
Based on information gathered from Active Directory, Identity Collector communicates which user authenticated at which IP address to the configured Check Point gateway.
Captive Portal is another way to acquire identities.
Depending on the authentication mechanism used, Captive Portal can require MFA.
Can both methods be used to gather identities? Yes.
Regardless of how the identity is gathered, the gateway looks up the users in LDAP to determine what Access Roles (and rules) apply.
"Regardless of how the identity is gathered, the gateway looks up the users in LDAP to determine what Access Roles (and rules) apply."
True if the Users in the Access Role is set to AD domain (or other LDAP source). You can also select Internal User Groups, which would then not look up users in LDAP to determine Access Role.
Dave
(Been doing a lot of testing with Access Roles and authentication methods the last few days)
