Nickel

Identity collectors and captive portal

Is it possible to use Captive Portal MFA with Identity Collectors?

 

Admin

Identity Collector will pull information from Active Directory and doesn't use MFA.
If you want some users to authenticate with Captive Portal and MFA from a non-AD identity source, you can do that too.
Nickel

If MFA is mandated and identity collectors are desired so that AD groups can be used, is it possible to use both captive portal (MFA) and identity collectors (AD groups query)?

Admin

Identity Collector is a specific tool that runs on a Windows machine that relays people who have already authenticated with Active Directory to a Check Point gateway.
Active Directory is performing the authentication of the user in this case, thus we do not get involved with MFA here.
Based on information gathered from Active Directory, Identity Collector communicates which user authenticated at which IP address to the configured Check Point gateway.

Captive Portal is another way to acquire identities.
Depending on the authentication mechanism used, Captive Portal can require MFA.

Can both methods be used to gather identities? Yes.
Regardless of how the identity is gathered, the gateway looks up the users in LDAP to determine what Access Roles (and rules) apply.

"Regardless of how the identity is gathered, the gateway looks up the users in LDAP to determine what Access Roles (and rules) apply."

 

True if the Users in the Access Role is set to AD domain (or other LDAP source). You can also select Internal User Groups, which would then not look up users in LDAP to determine Access Role.

 

Dave

(Been doing a lot of testing with Access Roles and authentication methods the last few days)
