Refaeliko
Participant

SAML Azure AD - Remote access Access Role policy

Hey,

I have a problem now with an implementation using SAML Azure AD authentication. Everything is working - authentication etc. Users can log in properly - connectivity is OK.

The problem is that from the moment I added groups to the CP application in Azure, even if there is no rule, the authorized users have access to all the networks. If they are restricted by a certain rule, they still have access to all the networks, and the rule is not working. Does anyone have an idea?

 

Thanks to those who answered! 

0 Kudos
4 Replies
the_rock
Legend

Can you maybe send some screenshots of the rule in question, as well as the groups referenced and the log showing that access? I think that would help us... Please blur out any sensitive info.

Best,

Andy

0 Kudos
Refaeliko
Participant

This is exactly the point: the rule has no effect on the Azure users. Even if there is no rule on the Azure users, all networks are open for these users. Even if there is a rule that blocks it, everything is still open. On the other hand, Legacy users work according to the rules. There was one case that stopped the access, and it was when I created a rule that blocks 'all users', and then everything was blocked.

 

If the screenshots are still important to you - I will send them.

0 Kudos
PhoneBoy
Admin

You've created the necessary groups in SmartConsole, correct?
https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_RemoteAccessVPN_AdminGuide/T... 
You've added those groups to the relevant Access Role objects, correct?

0 Kudos
Refaeliko
Participant

Of course 

0 Kudos
