adamhi
Explorer

Identity Awareness using Azure AD

Hi,

Possibly a daft question, but can anyone confirm if IA works against Azure AD as opposed to 'normal' AD? This is for an org that won't have any on prem AD at the end of the implementation.

I've had a look through the deployment guide for the version we would be implementing but it doesn't specifically mention Azure as being OK and I understand from our cloud architects that it's a bit different to AD as I know it.

Thanks in advance.

A.


Accepted Solutions
Royi_Priov
Employee

Hi @adamhi,

In R80.40, you can use SAML integration with AzureAD for authentication and authorization.

However, in the IDA picker (when you create access roles), you will need to represent the AzureAD objects (users/machines/groups) manually as "Identity Tag" objects.

In R81, the integration of AzureAD in the IDA picker will be available, where you can create your AzureAD object and select the objects from AAD the same way as you do it on regular AD.

It will be available for EA via the R81 EA program. Please contact your local SE for more details.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D

PhoneBoy
Admin

@Royi_Priov this is still in EA, right?

adamhi
Explorer

Thanks gents, much appreciated.

This isn't going to be needed until Q2 2021, so I'm not sure we need to look into EA. I'll let the hierarchy know that it is feasible given current tech stack.

A

Royi_Priov
Employee

Hi @adamhi, by that time you will be able to use the GA of this feature (as part of R81).

Good luck 🙂

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
Martins
Contributor

Hi, does just the manager need to use R80.40 to work with SAML? Or the gateways too?
Thanks!

PhoneBoy
Admin

This requires R80.40+ gateways.

Royi_Priov
Employee

Hi @Martins,

I will clarify:

  • In R80.40 we have added SAML support to the IDA captive portal. It means we can use AAD as a SAML Identity Provider.
  • In R81 we have added AzureAD as a user directory, which means you can configure entities (users/groups/machines) from AAD in Identity Awareness Access Roles objects.

Both features require both SmartCenter and GW to be in this version.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
Martins
Contributor

Hi @Royi_Priov,
Thank you for clarifying.
Can I use SAML with a 3rd party (MFA) as an identity provider to authenticate the VPN?

Thanks.

PhoneBoy
Admin

VPN clients currently do not support SAML authentication.
This is planned for a later release. 

Paul_Grigg
Employee

R81 IDA admin guide has two videos regarding SAML and Azure AD configuration. (The SAML video was available in R80.40 admin guide.)

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_IdentityAwareness_AdminGuide/Topic...

 

AntoF
Explorer

@Royi_Priov - I went through the R81 Identity Awareness admin guide and watched the videos. It shows that SAML is supported for Captive Portal. Will this also work for the Endpoint Security VPN clients?

PhoneBoy
Admin

Just answered this in a different thread where you asked the same question: coming soon.
