This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Patrickc
Explorer
Wednesday

Check Point Remote Access Integration with Azure AD MFA

HI All,

The customer currently has a requirement for two-step verification when connecting through Endpoint Security VPN. The first step requires entering the on-premises AD username and password, and the second step involves integrating Azure AD's MFA, using Microsoft Authenticator to enter a token. Is this achievable?

 

GW:R81.20

 

Thanks

0 Kudos
11 Replies
George_Casper
Collaborator
Wednesday

Do you have sync enabled between on-prem AD and Azure AD?

 

0 Kudos
Patrickc
Explorer
Wednesday
In response to George_Casper

Hi George,

Yes

0 Kudos
George_Casper
Collaborator
Wednesday
In response to Patrickc

So long as users and passwords are sync'd you can configure SAML auth directly to Azure AD.    There are two ways to hit Azure AD, one directly with SAML, the other with standing up a RADIUS server in the middle.   We chose the SAML method, less moving parts.   Depending on your M365 license levels you can add also on conditional access policies.

0 Kudos
Patrickc
Explorer
Wednesday
In response to George_Casper

Hi George,

I want to use SAML for authentication. Could you please provide the setup method and steps?

0 Kudos
the_rock
Legend
Legend
Wednesday

Maybe this guide would help?

Andy

Preview file
1363 KB
0 Kudos
Patrickc
Explorer
Wednesday
In response to the_rock

Hi Rock,

Can I use Check Point without the NPS Extension for Azure MFA? Is it possible to integrate using Check Point’s IDP object via SAML?

0 Kudos
the_rock
Legend
Legend
Wednesday
In response to Patrickc

I think so.

0 Kudos
George_Casper
Collaborator
Wednesday
In response to Patrickc

We went with SAML as mentioned above, less moving parts.   Though I've read here on previous posts there may be a couple Checkpoint SMB models that may not support SAML depending on what you have.

Patrickc
Explorer
Wednesday
In response to George_Casper

Hi George,

I am using the Check Point 3800 appliance, not the Check Point SMB

0 Kudos
George_Casper
Collaborator
Wednesday
In response to George_Casper

See sk172909 for SAML config though I think there's a better SK if I remember gave better step by step  instructions.

 https://support.checkpoint.com/results/sk/sk172909

(1)
the_rock
Legend
Legend
Wednesday
In response to George_Casper

Thats it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events