This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tarsonflorencio
Participant
‎2024-05-14 11:41 AM

OKTA AS IDP FOR CHECK POINT VPN CLIENT

Hello everyone, good afternoon, how are y'all?

We have successfully integrated OKTA as an identity provider via SAML 2.0 for authentication of Check Point VPN through the browser (SSL Bookmark), which works perfectly. However, when attempting authentication through the VPN Mobile Client, we encountered an error immediately after passing the authentication by OKTA: “Access denied. The destination of your request has not been configured, or you do not have authorization to access it” (403), as illustrated in the image below.

I suspect the problem is related to authorization configurations in the VPN, as we have tried several other configurations without success. The External User Profile object is set up as Generic and the authentication scheme is set to IDP.

Could you help us resolve this situation? I believe your assistance and detailed analysis could be decisive.image.png

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2024-05-14 03:12 PM

What version/JHF are the gateway and management?
Please make sure you meet all the requirements here: https://support.checkpoint.com/results/sk/sk172909 

tarsonflorencio
Participant
‎2024-05-17 06:32 AM
In response to PhoneBoy

Hey Buddy, The version is R81.20 Jumbo Hotfix Take 41. 
Thank you so much, I'll take a look at this link.

0 Kudos
the_rock
Legend
Legend
‎2024-05-14 07:05 PM

To me at least, logically, that error does not indicate OKTA issue, but rather access policy for mobile access...something there is missing or not allowed, seems like.

Andy

tarsonflorencio
Participant
‎2024-05-17 06:36 AM
In response to the_rock

Nice clue man, I'll check on the access policy for mobile access.
Appreciate

0 Kudos
the_rock
Legend
Legend
‎2024-05-17 06:27 PM
In response to tarsonflorencio

Sounds good.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events