This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rameshm18
Explorer
‎2022-05-02 06:50 AM

Azure SAML for checkpoint web vpn

 

Hi,

 

How do we implement  Azure SAML SSO  for check point mobile VPN?.   There are guides available for Remote Access VPN with Azure SAML SSO.   But not available for mobile VPN. 

Can some one help?.

 

Thanks,
Ramesh M. 

0 Kudos
8 Replies
_Val_
Admin
Admin
‎2022-05-04 07:22 AM

Please specify in details, what you are trying to do, including the version and use and at least some information about the setup

0 Kudos
_Val_
Admin
Admin
‎2022-05-04 07:23 AM

That said, please look into sk171501 to see if the described issue is the one you are having.

0 Kudos
rameshm18
Explorer
‎2022-05-10 03:30 AM
In response to _Val_

Hi Val,

 

This is not related to sk171501.   There is no guide available for Azure SAML SSO implementation for Mobile Access VPN Portal.   How ever i see  there is guide available for RA VPN.

In the Azure portal, default gallery based builit in application available for RA VPN and not available for mobile access vpn. 

I have created a custom - non gallery application and filled in the SAML settings with Sign on and reply URL.  But not sure what to fill in  Logout URL.     Some how, mobile Access VPN is now working with Azure MFA with SAML SSO.   but when i try to log out from Mobile Access portal it says "Signing out from Check Point Mobile does not automatically sign out from your Identity Provider's session."   if i close the browser and open the browser and try to relogin, it just logged in without asking MFA.   It behaves like that till 60 minutes.   after that it becomes normal.   Not sure this related to 'logout URL' not filled in the application.  dont know how to format the 'Logout URL'.

Refer the attached image.      Any advise would be helpful.      Thanks

Preview file
84 KB
0 Kudos
DRuser
Explorer
‎2023-01-17 05:08 AM
In response to rameshm18

@rameshm18 , I'm in the same case. Do you find a solution? Thank you in advance for your answer

0 Kudos
nzmatto1
Contributor
‎2023-01-17 01:36 PM
In response to rameshm18

The SSO session with the provider remains logged in based on the SSO providers settings. This is a massive benefit of use MFA and SSO. You are logging in on the device with the username / password / MFA. That device retains the authentication based on the SSO setting (one of my clients is 30 days). This means if they reconnect from the same device with the same user within 30 days they will no be re-prompted for anything and the VPN will connect and advise the session has been authenticated by the provider. It's GREAT for them! 

0 Kudos
DRuser
Explorer
‎2023-01-18 01:07 AM
In response to nzmatto1

I need to re-authenticate every time.

In Azure, Conditional Access, you can only type a sign-in frequency of 1 Hour.

is there a workaround for my need?

 

When my client disconnect his VPN, he have the information "your session is keeping in the IDP".

 

Realeboga_Mashi
Contributor
‎2024-01-03 01:45 PM
In response to DRuser

I have the same issue - I would like that each time a RA VPN Session is terminated, the Azure token must be released\expire immediately so that if another session is established, the whole MFA is (re)initiated.

 

For me the fact that Azure token is valid for minimum 60minutes is a security "red flag" because the session remains active with the IDP.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-17 01:22 PM

It's the same product (thus the same guide).
That assume we're talking about Check Point Mobile installed on Windows (versus Capsule VPN where this is not currently supported).

0 Kudos
Trending Discussions
DynamicID with SMS OTP
Upcoming Events

    CheckMates Events