Look here: https://support.checkpoint.com/results/sk/sk172909

Capsule is not listed, which means SAML is not supported with it.

There has been progress in recent Jumbo's it seems: R81.10 JHF T113

PRJ-47677,PMTR-88036 - VPN - UPDATE: Added SAML authentication support for Capsule Connect / Capsule VPN.

While I agree this is positive movement, I assume this would also require client updates as well.

Hi Chris,

good news. Do you have any documentation about how to implement it? Does it just work updating to the jhf 113 if actually SAML is used on PC/MAC devices?

This is the gateway portion, likely a future client version is also needed to complete the picture at which time the documentation will be updated / made available. 

read the bottom of that SK


Capsule does support SAML under the Mobile Access Blade.
See SK181494
=========
also see SK172909
it also now says capsule support, see sk181494

ok thank you (you deserve a good pizza if you come in italy).

Any experience/test with okta if you know?

Is there any roadmap for SAML support for iOS clients?

SAML is supported for Windows clients since nearly 2 years, but for iOS clients it is still "not currently supported". To use different authentication methods during a transition time period is okay, but after two years and with no chance to solve this, we are urged to migrate to another VPN solution.

Recommend you engage with your Check Point SE on this requirement. 

Any plans to work on enabling SAML Auth on Capsule Connect client for Windows?

I believe it was resolved per: SAML authentication in Capsule VPN/Connect (checkpoint.com)

But have sought clarification accordingly for Windows based clients specifically.

Edit: SK was amended to clarify it, if you require Windows support please consult with your SE regarding RFE submission for this.

sk181494 only applies to the Capsule clients on the Phones,  

The Capsule Client from the Windows Store still does not support SAML at this time.

SK172909
Capsule VPN for Android and Iphone are not supported for SAML auth at this time.

Someone must know if the updated client for SAML support is in the pipeline though ? Do we at least know if it is due before end 2023 ? 

Working with my sales team the fix owner says it is supported, we already have it working on mobile now. 

I know there is something in the works, but I have not been informed of any ETA or related data for it.
Once It is fully supported, I will know and the SK will be released.

If you're working with your local Check Point office on this, it's very likely this is considered a "customer release" at present.
Given that it's rolled out to a public JHF, it's a good indication this will be formally supported in the near future.

Is there any new information when it will be formally supported?

We tested it and it works, we need it badly, but we will not rollout a unsupported solution.

Unfortunately, I have no information on this.
Your best bet is to consult with your local Check Point office, who will likely need to engage with Solution Center internally.

https://support.checkpoint.com/results/sk/sk181494

looks like the Capsule SK is released now

Hi, is there any document that explains how to implement it specifically for capsule app once gateway is updated?

Hi,

Did you find any documentation on the Capsule SAML setup?

I'm also looking for any feedback on the difference and what is better/worse compared to the classic Endpoint VPN?

Thanks

For Capsule VPN/Capsule Connect, for Iphone or Android,
install the App on the phone and create the site.

For gateway side configuration, only requires the necessary jumbo take.
and the Authentication page follows the same Remote Access configuration.
Set Auth type to Provider.

I have a Remote Access Gateway that already has SAML for the Endpoint clients, so it was just a matter of installing the correct Jumbo Take (sk181494) and create the site on the phone app.

So if this was a fresh environment, I would follow SK172909 for any R81.10 gateways, as you would still need the SAML script to be run on your Management server unless you are a full R81.20 environment. SK172909 for script, sk181494 for Capsule Jumbo requirement.