This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nasa
Participant
‎2022-05-17 09:07 AM

Is administrator login to manager via groups on tacacs or radius or ldap possible ?

I try to figure out if there is really no way to setup administrator authentication and autorization via groups.

Documentation shows only authentication via multiple authentication backends like radius, tacacs ... unfortunatley no ldap.

And even worse, every administrator account needs to be configured one by one, instead there will be one object per admin authrorization profile, that can be mapped to e.g. a radius attribute... or tacacs attribute... ..or ldap groupd but ldap is not mentioned for admin auth.

Configuring Authentication Methods for Administrators (checkpoint.com)

For users there is a way to authenticate them via ldap and maybe also some grouping, but for administrators I can not find anything. So I have to add/remove admin users name by name regularly on the management server, even if the user is on the backend (ldap) added/removed.

Does someone have more information on that topic ?

Labels
0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2022-05-17 10:19 AM

If you are talking about admins or ho connect via SmartConsole, you are correct.
Individual admins must be created.

R81.20 will allow authentication via SAML.
Not sure if that will also allow for defining a group of admins (versus defining individual users). 

nasa
Participant
‎2022-05-17 12:45 PM
In response to PhoneBoy

Thank's a lot,

unfortunately we have to live with the overhead on user creation on backend (ldap) and on manager(s) for admin users.

0 Kudos