This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MauriceM
Explorer
‎2023-05-19 11:26 AM
Jump to solution

Identity Awareness with RSA SecurID

so, I've been tasked with migrating off the no longer supported Client Authentication feature to Identity Awareness.  We use RSA SecurID Tokens as part of that browser-based authentication.

I have it working for users that were existing Client Auth users, but I'm having issues with new employees that are authenticating for the first time.

The issue stems from the fact that new users have to create a unique PIN number as part of the first login process which is then combined with the RSA generated token code on future login sessions. So, when using Client Auth a new user will login with their username and the code that's generated by the RSA Token. The system then presents them with a screen that asks them to create a PIN and once that's created all future logins are username with a password of PIN + TOKEN CODE.  Identity Awareness is treating that first login as a password failure instead of recognizing that it's a first-time login.

What I'm assuming is that there's some additional configuration necessary to get Identity Awareness to handle this login flow correctly, but I can't seem to find documentation on how to implement this.  Can anyone point me in the right direction to get this done?  I've asked through the normal support case, but they claim they only handle break/fix issues and not configuration assistance. I've escalated to my accounts team, but thought I'd post here in case someone has had to do this in their environment.

 

Labels
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-05-19 01:13 PM
Jump to solution

Pretty sure Captive Portal does not support this authentication flow.
As such, it would be an RFE that would need to be discussed with your local Check Point office.

However, it appears SecurID supports SAML per https://community.rsa.com/t5/securid-cloud-authentication/saml-applications-idr/ta-p/623025 
We support SAML from R80.40 and above, which allows the authentication flow to happen entirely in the Identity Provider.
Therefore, this authentication flow should work.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2023-05-19 01:13 PM
Jump to solution

Pretty sure Captive Portal does not support this authentication flow.
As such, it would be an RFE that would need to be discussed with your local Check Point office.

However, it appears SecurID supports SAML per https://community.rsa.com/t5/securid-cloud-authentication/saml-applications-idr/ta-p/623025 
We support SAML from R80.40 and above, which allows the authentication flow to happen entirely in the Identity Provider.
Therefore, this authentication flow should work.

0 Kudos
MauriceM
Explorer
‎2023-05-22 01:30 PM
In response to PhoneBoy
Jump to solution

Appreciate the response @PhoneBoy I don't think the SAML option will work for my RSA appliance, but I'll see if this can be handled via an Enhancement.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events