This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bacim
Contributor
3 weeks ago
Jump to solution

How to default SmartConsole Web login to IDP?

We expose our SmartConsole on the management server to specific colleagues so they can consult the firewall logs.

Is there a way to default the login for Web SmartConsole to the IDP option for SSO sign-in?

Note: we only want it for the read-only colleagues using the Web SmartConsole. For us admins on the client, it should not change.

Default:

bacim_1-1732105157365.png

 

Desired:

bacim_0-1732105129903.png

 

0 Kudos
1 Solution

Accepted Solutions
Duane_Toler
Advisor
3 weeks ago
In response to bacim
Jump to solution

This default is just for when adding a new administrator.  It gives you a shortcut so you don’t have do the same clicks each time.

What you request is not possible.  How can the login form know what default to present for different potential, but as yet unknown, users? If they had the full SmartConsole client, this will be set after their first login.

The only way the web console can do this is via a locally stored browser cookie (what they were originally designed to do). You’ll likely have to do a TAC case and/or RFE for that. Achieving this is a 100% server side operation.

 

View solution in original post

9 Replies
the_rock
Legend
Legend
3 weeks ago
Jump to solution

Screenshot_1.png

 

Screenshot_2.png

 

 

Screenshot_3.png

  

0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to the_rock
Jump to solution

@bacim Forgot to add, though this goes without saying, you need to have IDP object listed to use this.

Andy

Screenshot_1.png

0 Kudos
bacim
Contributor
3 weeks ago
In response to the_rock
Jump to solution

Hi Andy,

Many thanks for your feedback.

 

We use only the EID integrated group, so no administrator profiles (except for us RADIUS admins as fallback).

It seems I cannot set the default authentication method on such groups:

bacim_1-1732108138872.png

Changing it here would change the default for everyone, right? Can we then still do a fallback in the web/client GUI to RADIUS as admins?

bacim_0-1732107958702.png

 

 

0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to bacim
Jump to solution

I see what you are saying. Let me play around with it in the lab, I dont care if it breaks, haha. Well, I do care (sort of), but not hard to fix. I will also check R82 lab as well.

Andy

the_rock
Legend
Legend
3 weeks ago
In response to bacim
Jump to solution

Actually, this got me thinking if there is a way to set as per below options, but for group defined users, rather than generic. Maybe someone else can confirm, but I would also open TAC case to see if they may know for sure.

Andy

 

Screenshot_1.png

0 Kudos
Duane_Toler
Advisor
3 weeks ago
In response to bacim
Jump to solution

This default is just for when adding a new administrator.  It gives you a shortcut so you don’t have do the same clicks each time.

What you request is not possible.  How can the login form know what default to present for different potential, but as yet unknown, users? If they had the full SmartConsole client, this will be set after their first login.

The only way the web console can do this is via a locally stored browser cookie (what they were originally designed to do). You’ll likely have to do a TAC case and/or RFE for that. Achieving this is a 100% server side operation.

 

the_rock
Legend
Legend
3 weeks ago
In response to Duane_Toler
Jump to solution

I tend to agree with that @Duane_Toler . I also checked on PAN and Fortigate and does not appear something like this is possible at the moment.

Andy

0 Kudos
bacim
Contributor
3 weeks ago
In response to Duane_Toler
Jump to solution

Thanks for the feedback.

It was more of a QoL feature for our end users so not really worth putting in this much effort.

the_rock
Legend
Legend
3 weeks ago
In response to bacim
Jump to solution

I was really curious about this and wanted to double check if its possible on other vendors, but my colleagues told me its definitely not. 

But certainly something to consider for the future I would say, so you can always submit an RFE.

Andy

https://support.checkpoint.com/results/sk/sk71840

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events