This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nzmatto1
Contributor
‎2022-11-24 12:40 PM

Enforcing SSO for most users but still allowing Username / Password for others using Endpoint VPN

Hi team, 
I have enabled SSO for all our internal VPN users and this is now at a point where I wish to disable the username / password capability, however we have a few external clients who have access to our VPN too. Those external clients use accounts which are configured locally on the firewall.

Is there any way I can permit only people with local accounts access to use the old login feature whilst forcing all other users to use SSO only? 

I can't seem to find any logical way of achieving this and suspect I'm just missing something. 

Thanks

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2022-11-25 12:15 PM

You can’t really force it, unfortunately, as both login options will be presented to everyone.
Only the users who are locally defined will be able to use the old method, though.

0 Kudos
nzmatto1
Contributor
‎2022-11-25 08:08 PM
In response to PhoneBoy

Thanks. 
I think I am missing something in my knowledge here.
How does the Username / Password option know who can log in?

Is it all users defined under users / identiies? This would mean everyone defined there can login (assuming correct creds), after which their access is controlled by policy?
I think this is making sense, and I think my ultimate answer will be to set up external user profiles for my very few current local users and then remove the username/password authentication method, or perhaps I could assign them a certificate and use that option.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events