This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Eli_Faskha
Participant
Participant
‎2020-07-04 02:14 PM

Different Multiple Login Options for different user groups

We have seen a large increase in the use of multifactor authentication for VPN access (endpoint, not portal). However, clients are saying that they don't need MFA for all users, only for certain groups of users (VIPs, admins, etc). They're part of the same AD, but some should be required to login with MFA, others only user/pw or only certificates.

We haven't found a way to do that with Multiple Login Options. We need to use the same Account Unit (multiple Units to the same domain cause conflicts), we cannot use a different VS for different group (overkill and not feasible).
We needan option in the User Directories of the Multiple Login Options, to be a specific LDAP group, or a specific usergroup within an LDAP Account Unit.

Anyone can think of another way to do this?

Remote Access VPN Identity Awareness 

Remote Access VPN
Remote Access VPN
Quantum
Identity Awareness
Identity Awareness
Quantum
0 Kudos
5 Replies
Royi_Priov
Employee
Employee
‎2020-07-06 11:31 PM

Hi @Eli_Faskha ,

 

You might be able to delegate this ability to a RADIUS server to decide which factors the users needs to go through.

Adding SAML support for RA VPN clients is on our short term roadmap, and Identity Provider certainly support such option.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
Ruan_Kotze
Advisor
‎2020-07-07 12:19 AM
In response to Royi_Priov

I (and I'm sure a lot of others) are very excited about the upcoming SAML support!
Eli_Faskha
Participant
Participant
‎2020-07-07 07:15 AM
In response to Royi_Priov

Thanks @Royi_Priov for the answer.

Looking forward to SAML for RA VPN clients (including Securemote).

The RADIUS option is not really an option, since one of the reasons for the request is to license only a subset of users to the MFA service. If the RADIUS/MFA service is involved in the authentication decision, then all users would need a license for that.

 

0 Kudos
Xavier_FIQUET
Participant
‎2020-07-13 06:16 AM
In response to Eli_Faskha

do you think this feature can be added in a Jumbo on r80.30 or only after r80.40 release ?

 

thank in advance, we are waiting MFA/SAML for RA client for a long time.

 

regards

0 Kudos
Royi_Priov
Employee
Employee
‎2020-07-13 07:36 AM
In response to Xavier_FIQUET

Hi @Xavier_FIQUET 

I'm happy to get this feedback.

We are still in internal discussion about the availability, but it's too soon to publish anything - we will do our best.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events