Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Pearl

Is SAML support available in r80.10?

Hi.

I was reading the sk98811 and tried to lookup same feature in r80.10, but no luck.

Any ideas where to look for it will be appreciated.

Tags (1)
0 Kudos
9 Replies
Highlighted
Admin
Admin

Re: Is SAML support available in r80.10?

It is not currently supported in R80.x.

Highlighted
Employee+
Employee+

Re: Is SAML support available in r80.10?

any roadmap?

Also if customer have AD server in Azure and using ADFS, can we have an integration ready with Azure ADFS?

0 Kudos
Highlighted
Admin
Admin

Re: Is SAML support available in r80.10?

I believe there is roadmap for both items, but no dates to share at this time.

0 Kudos
Highlighted
Employee
Employee

Re: Is SAML support available in r80.10?

Is there roadmap info for SAML in R80.20/.30?
0 Kudos
Highlighted
Admin
Admin

Re: Is SAML support available in r80.10?

It will most likely be a future version.
0 Kudos
Highlighted

Re: Is SAML support available in r80.10?

Two years after this question was first asked, and still nothing formal on Roadmap or expected version of code?  It's not in R80.30 or R80.40.

The challenge is that while RADIUS works, it precludes customers for using any U2F/FIDO2 style MFA tokens, which are more secure than traditional OTP based tokens.  The only secure option for customers at present is an MFA solution that supports Push notification, but that requires a smart phone with the app and available mobile phone data service.  There are situations where phones are not allowed (manufacturing floors, for example) or where you don't have mobile coverage but would still have Internet (wired, dial-up, etc.).  Additionally, there are situations where a user might not have a mobile phone or only have a personal one that doesn't support the necessary mobile app and you need to deploy a hardware token to the user or use a hardware token as a backup to the mobile app.

0 Kudos
Highlighted
Admin
Admin

Re: Is SAML support available in r80.10?

There is SAML support in R80.40 for Identity Awareness specifically.
See: https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Identity-Awareness-using-Azure-AD...
This has not made its way into the Remote Access clients yet.
0 Kudos
Highlighted

Re: Is SAML support available in r80.10?

While interesting, the remote access client is where it's really valuable.  It's ultimately a matter of priorities, I guess.  Other vendors have had SAML support in their clients for years.

To me, being unable to support U2F as an MFA token is a big miss for a company that prides itself on being on the leading edge of security.  

It pains me to say it, but Check Point has really paid little attention to remote access security for the past 4-5 years.  Even the Mobile Access SSL-VPN is very long in the tooth.  Hotfix after hotfix just to be able to use it on modern systems and browsers.  And not even included in the JHF, but as special MABDA hotfixes that required a reboot of a firewall to install.  Finally showing up in R80.40.

It's just my personal opinion, but it feels like Check Point is just chasing butterflies and not paying enough attention to the fundamentals.

Highlighted
Admin
Admin

Re: Is SAML support available in r80.10?

Adding SAML support to the VPN clients is not in the near-term plans.
I would encourage you to discuss the requirements with your local Check Point office, which can help promote this.
0 Kudos