This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mithu
Contributor
‎2021-07-04 01:48 AM

Enabling 2 Factor for specific user group

Hi, Currently we are maintaining local users to log in to Remote VPN client, customer wants to enable two factor (Dynamic ID with third party SMS provider) for specific users only.  Is it possible to enable for specific user group with dynamic ID?

0 Kudos
10 Replies
the_rock
Legend
Legend
‎2021-07-04 09:30 AM

I had been wondering exact same thing for a while now, so Im glad you posted this question...lets see if we can get a confirmation.

0 Kudos
MartinTzvetanov
Advisor
‎2021-07-05 12:03 AM

You select the login scheme before entering the username, so it's not possible to configure different login schemes for different groups.

0 Kudos
Ruan_Kotze
Advisor
‎2021-07-05 01:08 AM
In response to MartinTzvetanov

This is my understanding as well, the scope of DynamicID is the gateway or cluster object, not user or groups.

0 Kudos
Benedikt_Weissl
Advisor
‎2021-07-05 06:22 AM

You can use multiple authentication settings per gateway. Edit the gateway or cluster object, VPN Clients, Authentication, "multiple authentication client settings", create profiles for the different authentication factors.

0 Kudos
Ruan_Kotze
Advisor
‎2021-07-05 06:25 AM
In response to Benedikt_Weissl

Correct, however OP wants to do different authentication schemes per user / group.  For example Group A - Username & Password, Group B - Username & Password + SecureID.

0 Kudos
Benedikt_Weissl
Advisor
‎2021-07-05 06:36 AM
In response to Ruan_Kotze

You can change the authentication profile during site creation or afterwards

0 Kudos
MartinTzvetanov
Advisor
‎2021-07-05 06:39 AM
In response to Benedikt_Weissl

The point is the GW to force me to use this profile based on my user/group, not what I configured when creating the site.

0 Kudos
Benedikt_Weissl
Advisor
‎2021-07-05 08:54 AM
In response to MartinTzvetanov

OP didn't mention anything about the gateway enforcing this. He just wants to enable DynamicID for specific users. This is possible by changing the site for those users and then setting "predefined_sites_only" to true via the gateways ttm file.

0 Kudos
MartinTzvetanov
Advisor
‎2021-07-06 01:02 AM
In response to Benedikt_Weissl

What if you use SNX?

0 Kudos
MartinTzvetanov
Advisor
‎2021-07-05 06:25 AM
In response to Benedikt_Weissl

and how will you set profile 1 to be for user group1 and profile2 for group2?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top