michele
Explorer

Azure AD - Device Group

If I connect Azure AD as an identity provider, can I then also authorize by device group in Azure, in addition to by user group? My goal would be to enable a user group only from a particular device group.


Accepted Solutions
PhoneBoy
Admin

Not currently possible as the authentication method has to be SAML to obtain the user's groups from Azure AD.

5 Replies
PhoneBoy
Admin

As long as the group comes across in the SAML Assertion and there is a local group created for it (of the form EXT_ID_xx where xx is the case sensitive name of the group), I don't see why it wouldn't work.

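The naming rule in the reply above (a local group `EXT_ID_xx`, where `xx` matches the group name in the SAML assertion case-sensitively) can be checked offline against a captured assertion. This is an added example, not code from the thread or from Check Point; the assertion fragment and local group list are constructed, and it assumes the tenant emits group names (not object IDs) in the Azure AD groups claim.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD groups claim; names vs. object IDs depends on the tenant's claim settings.
GROUP_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample: only the AttributeStatement of an already-validated assertion.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUP_CLAIM}">
      <saml:AttributeValue>VPN-Users</saml:AttributeValue>
      <saml:AttributeValue>Helpdesk</saml:AttributeValue>
      <saml:AttributeValue>Finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: local group names as created on the gateway side.
LOCAL_GROUPS = {"EXT_ID_VPN-Users", "EXT_ID_helpdesk"}

def groups_in_assertion(xml_text, claim=GROUP_CLAIM):
    """Return the group values carried in the assertion's group claim."""
    root = ET.fromstring(xml_text)  # offline inspection only, no signature check here
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim:
            values += [(v.text or "").strip()
                       for v in attr.iterfind("saml:AttributeValue", NS)]
    return values

def audit_group_mapping(xml_text, local_groups):
    """Classify each asserted group as match, case_mismatch or missing."""
    by_lower = {g.lower(): g for g in local_groups}
    report = {}
    for name in groups_in_assertion(xml_text):
        expected = "EXT_ID_" + name  # exact, case-sensitive form
        if expected in local_groups:
            report[name] = ("match", expected)
        elif expected.lower() in by_lower:
            # A local group exists but differs only in case, so it will not apply.
            report[name] = ("case_mismatch", by_lower[expected.lower()])
        else:
            report[name] = ("missing", expected)
    return report

if __name__ == "__main__":
    for group, (status, local) in audit_group_mapping(SAMPLE_ASSERTION, LOCAL_GROUPS).items():
        print(f"{group:12} {status:14} {local}")
```

A `case_mismatch` row is the one to watch for: the local group exists, yet the user silently falls outside it.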
michele
Explorer

Thank you.
Right now, on Windows clients, I connect to the VPN via the Capsule component (configured on the Windows built-in VPN). Since it only requires a user password to connect, I wanted to understand if I could add, in addition to a user group, a managed device group. Right now the user groups are read via LDAP (on-prem AD); however, I would like to understand if I can connect the user/device groups directly on Azure and not change the current connection method (Capsule with user/password), as I would not want to go and install the dedicated Check Point software to connect to the VPN.

PhoneBoy
Admin

Not currently possible as the authentication method has to be SAML to obtain the user's groups from Azure AD.

michele
Explorer

Is there anything I can do so that I can always use Capsule while increasing security?

PhoneBoy
Admin

This isn't supported with the Capsule VPN clients.
