This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gaurav_Pandya
MVP
MVP
‎2024-06-11 10:08 AM
Jump to solution

Remote access community participating group using Azure saml authentication

Hi Mates,

I have configured Azure saml authentication for remote access vpn. During testing, We are getting "Negotiation with site is failed" error message on client side and "user does not belong to remote access community" in smart console.

When I changed remote access vpn community participating group to "all user", we are able to authenticate for remote vpn using saml.

Question here is, can I map Azure identity provider group in remote access community participating group? because it does not show any identity provider group when I try to add in participating group. Or I need to keep "All user" in participating group?

 

0 Kudos
1 Solution

Accepted Solutions
the_rock
MVP Diamond
MVP Diamond
‎2024-06-11 12:26 PM
Jump to solution

I attached a doc that hopefully is helpful to you.

Andy

Best,
Andy
"Have a great day and if its not, change it"

View solution in original post

Check Point and Microsoft Entra SAML SSO for VPN.docx
9 Replies
PhoneBoy
Admin
Admin
‎2024-06-11 11:43 AM
Jump to solution

Create groups as described here: https://support.checkpoint.com/results/sk/sk177267

Gaurav_Pandya
MVP
MVP
‎2024-06-12 01:20 AM
In response to PhoneBoy
Jump to solution

Thanks, Phoneboy. I have already created and tested with group name EXT_ID_ with no luck. I will verify configuration with Azure administrator.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-06-11 12:11 PM
Jump to solution

The sk Phoneboy gave you is definitely good place to start. One of my colleagues and I had to do this for a large customer.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-06-11 12:26 PM
Jump to solution

I attached a doc that hopefully is helpful to you.

Andy

Best,
Andy
"Have a great day and if its not, change it"
Check Point and Microsoft Entra SAML SSO for VPN.docx
Gaurav_Pandya
MVP
MVP
‎2024-06-12 01:20 AM
In response to the_rock
Jump to solution

Thanks @the_rock for sharing document. I will verify.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-06-12 04:10 AM
In response to Gaurav_Pandya
Jump to solution

Hope it really helps you, as we always follow it and works fine. Let me know if any issues.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Gaurav_Pandya
MVP
MVP
‎2024-06-17 03:39 AM
In response to the_rock
Jump to solution

We have followed sk177267 & sk172909 to define group in Azure. Still, it was not working, Lastly, we have configured each group has its own role which you mentioned in supplementary instruction document (Undocumented step – CRUCIAL). It did the trick. Now it is working as expected. 

Thanks again for sharing supplementary instruction document.

the_rock
MVP Diamond
MVP Diamond
‎2024-06-17 03:42 AM
In response to Gaurav_Pandya
Jump to solution

I agree, thats super important step. My colleague and I got that from Azure documentation, I will write a feedback about it in the sk.

Best,

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2024-06-17 04:56 AM
In response to Gaurav_Pandya
Jump to solution

Okay, just submitted a feedback.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 16 Jun 2026 @ 09:30 AM (BST)

    DDOS MasterClass in London!
    In-Person

    Tue 16 Jun 2026 @ 08:00 AM (EDT)

    Montreal: P’tits déj Cyber! | Cyber Breakfasts!
    CheckMates Events