This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rapsodiaverde
Explorer
‎2022-07-18 05:37 AM

MFA Azure disabling Capsule

Hello,

I configured MFA with Azure on a customer network to be able to authenticate VPN connections from the remote users.

As I know, there is no option to configure Capsule VPN with MFA Azure, so I decided to disable Capsule as a method in the VPN settings and only allow Endpoint Security to enforce users to only use Azure MFA.

 

But there's is 1 device from the CEO (an IPAD) that it's mandatory that can be able to connect to the VPN.

So there is a way to enable Capsule but only 1 user or 1 device be able to authenticate?
Or exists some method to integrate Capsule with MFA Azure?

The only solution that I found is to deactivate all methods except Endpoint Security and Capsule for IOS.

Thank you

Labels
0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2022-07-22 12:58 PM

I assume you mean MFA with Azure AD.
This is currently not supported on Capsule Connect for iOS.

While you cannot prevent any user from authenticating to the VPN with Capsule Connect, you can prevent users who do authenticate from actually connecting to anything.
This ultimately involves creating two Access Roles:

  • One for the CEO (only) connecting via Capsule Connect
  • One for everyone else connecting via Capsule Connect

In your rulebase, you'll end up creating two rules: One that allows the CEO to connect to the relevant resources, and another that denies all access from other users.
See the following on creating Access Roles: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_IdentityAwareness_AdminGuide... 

Note that you will need to enable Identity Awareness if it's not enabled already and enable Remote Access as one of the Identity Sources (not enabled by default).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events