Hi community,
I got a customer with R80.10 JHF 75 gateway and MGMT on the same version.
We implemented Client VPN access with Azure AD and SAML via Identity Profiles and that is working fine.
Now we want to limit the users who are allowed to connect in office mode.
We have a vpn-user group and limiting access via identity tags is working fine, but the users can still connect to the VPN and can drain the available office-mode pool.
So an AzureAD object for group mapping looks like the best shot.
We created the client secret, noted the application ID from our enterprise app and also the tenant app, but if I test the connection, I get "connection failed, please check the credentials supplied". Permissions for Graph and Read-All are set, and the gateway and mgmt have internet access.
Any ideas? Has anyone got this running so far? We followed the steps described here: Using Azure AD for Authorization (checkpoint.com) and here: https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/cloudguard-saas/90/1/AzureService...
Looking forward to your input.
Best Regards
Chacko