This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
adamhi
Explorer
‎2020-05-12 07:25 AM
Jump to solution

Identity Awareness using Azure AD

Hi,

Possibly a daft question, but can anyone confirm if IA works against Azure AD as opposed to 'normal' AD? This is for an org that won't have any on prem AD at the end of the implementation.

I've had a look through the deployment guide for the version we would be implementing but it doesn't specifically mention Azure as being OK and I understand from our cloud architects that it's a bit different to AD as I know it.

Thanks in advance.

A.

43 Replies
Shahar_Grober
Advisor
‎2021-06-25 02:12 AM
In response to Royi_Priov
Jump to solution

Hi Royi, 

Do you know if the Azure SAML + IDA integration supports WVD? 

it is supported on On-prem TS / Citrix with MUH (Identity Agent) 

 Did you look into this use case?

0 Kudos
Royi_Priov
Employee
Employee
‎2021-06-27 12:34 AM
In response to Shahar_Grober
Jump to solution

Hi @Shahar_Grober,

are you referring to WVD with multisession option? so few users are connection simultaneously?

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
Netadmin2020
Collaborator
‎2021-03-15 02:14 AM
In response to Royi_Priov
Jump to solution

@Royi_Priov 

I understood .Can you please so me a example with the identity tag?

thanx 

@adamhi 

We have a hybrid environment,that means we NEED ldap and azure ad Identity Awareness!

 

 

0 Kudos
Royi_Priov
Employee
Employee
‎2021-03-15 02:27 AM
In response to Netadmin2020
Jump to solution

Hi @Netadmin2020 ,

You will need to:

  1. Configure Identity Provider object and use this object in captive portal settings.
  2. Configure new Identity Tag object with your AzureAD entity identifier (user / group identifier).
  3. place this tag object in an Access Role.

You can use both Azure AD and LDAP with IDA, but not in parallel with captive portal.

For example, you can use captive portal with AzureAD (SAML) and other identity source with LDAP. Alternatively, one GW will use captive portal with SAML and the other one captive portal with LDAP. The reason is that the redirection action will be done once and we need to distinguish if this should be done with AD or with SAML.

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
Netadmin2020
Collaborator
‎2021-03-15 02:36 AM
In response to Royi_Priov
Jump to solution

check if these are correct.

sso1.JPG

2.JPG

3.JPG

4.JPG

  

0 Kudos
Royi_Priov
Employee
Employee
‎2021-03-15 05:20 AM
In response to Netadmin2020
Jump to solution

After a quick brief, yes.

If this is still not working for you, please involve TAC to troubleshoot. Thanks!

Thanks,
Royi Priov
R&D Group manager, Infinity Identity
0 Kudos
Arend
Contributor
‎2022-08-16 03:47 AM
In response to Royi_Priov
Jump to solution

Hi Royi,

(R81.10 sms and R81.10 gw's)

When creating the application according to the Check Point video 'Using Azure AD for Authorization'. it explains to use the non-gallery application but at the moment there is also the option for the gallery application by Check Point called "Check Point Remote Secure Access VPN".

What direction do we take when setting up 'Azure AD for Authorization' ?

video Using Azure AD for Authorization: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_IdentityAwareness_AdminGuide...

0 Kudos
RPdeBeer
Participant
‎2022-02-09 02:56 AM
In response to Royi_Priov
Jump to solution

Does anyone knows if this works in Azure in an CloudGuard scale set (VMSS) configuration?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-02-09 03:54 AM
In response to RPdeBeer
Jump to solution

I'm sure Royi will be along to provide additional color here in due course.

Until then bootstrapping the IDA configuration for newly spun gateways is the primary caveat I see, there are new APIs coming in R81.20 that may help here.

 

CCSM R77/R80/ELITE
0 Kudos
RPdeBeer
Participant
‎2022-02-09 04:20 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris,

Do you know whether it is at all possible on VMSS, if you were to configure it manually for example?

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-02-09 04:25 AM
In response to RPdeBeer
Jump to solution

Don't see why you couldn't with gateways & management at the appropriate version but I've not tested it myself.

CCSM R77/R80/ELITE
0 Kudos
RPdeBeer
Participant
‎2022-02-09 04:28 AM
In response to Chris_Atkinson
Jump to solution

Because, so far I see, you are not able to reuse the Azure AD object for the second gateway which is created for the first gateway during the IA wizard.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-02-09 04:34 AM
In response to RPdeBeer
Jump to solution

R81 or above? Also to be clear you can use said object with additional non-IaaS gateways problem free?

CCSM R77/R80/ELITE
0 Kudos
RPdeBeer
Participant
‎2022-02-09 04:59 AM
In response to Chris_Atkinson
Jump to solution

Sorry, forgot to mention the version we are running on. We are using R81.10 CloudGuard IaaS. 

We don't have non-IaaS gateways in this environment. 

P.S. Yesterday we saw a new product from Check Point in the Azure marketplace: Check Point Identity Awareness. When we wanted to test this product today, we saw that it had been removed from the marketplace again.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events