- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix! 
All Videos In One Space
Hello,
I have a customer (currently on R81 HFA44) who would like to fully realize the following scenario for the connection of his users via Harmony Endpoint (currently on E86.10):
1. RADIUS auth with MFA for users in a specific AD group (i.e. VPN_WITH MFA), WITHOUT password change from the CP Harmony Endpoint (they do it from the Azure portal)
2. users in this specific group (VPN_WITH_MFA) must NOT be able to change the authentication to LDAP in the CP Harmony Endpoint local configuration
3. LDAP auth for users in a different AD groups (i.e. VPN_USERS) but WITH change password from the CP Harmony Endpoint.
All the configuration and devices are on premise, except the users of the VPN_WITH_MFA who are on Azure and using Microsoft Authenticator through Radius.
Actually, points 1 & 3 are working, but users in the VPN_WITH_MFA group are able to bypass the MFA authentication by simply selecting the login via Username&Password in their Harmony Endpoint client.
In fact, the actual configuration is the following:
Is there a way to allow the 1 & 2 & 3 configuration at the same time?
Thank you,
Luca
