Tom_Heesmans
Contributor

Identity agent no SSO after hardening

Hi all,

Since we have hardened our Windows 10 systems, we noticed that the identity agent is no longer automatically logging in.

First we thought this had something to do with the network discovery, so we've configured the server (gateway) manually within the agent. However, no change.

I'm looking for information on the "inner workings" of the agent to find out why the user is not able to SSO directly. We have tested on a laptop system with cached credentials still enabled, but the same issue occurs.

0 Kudos
3 Replies
PhoneBoy
Admin

What precise steps did you take to harden Windows 10?
Tagging @Royi_Priov also.

0 Kudos
Tom_Heesmans
Contributor

We did a lot, <correction> we applied CIS level 1.

0 Kudos
Tobias_Moritz
Advisor

I suggest checking this thread:
https://community.checkpoint.com/t5/Management/When-will-AES-256-AES-128-Kerberos-cipher-suites-fina...

I guess your hardening disabled some legacy ciphers for Kerberos on your clients, so you have to adjust Identity Awareness config to use modern ciphers your client still supports.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/IDA...

0 Kudos
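
An added example, not part of any post in this thread: a PowerShell check for the last reply's hypothesis, decoding the `SupportedEncryptionTypes` bitmask that the Windows policy "Network security: Configure encryption types allowed for Kerberos" writes on the client. The function name and the sample masks are constructed for illustration; the registry path is the standard policy location for this setting.

```powershell
# Added example: decode the client's Kerberos SupportedEncryptionTypes mask
# to see whether hardening left only AES enabled (no DES / RC4).
$EncTypeBits = [ordered]@{
    DES_CBC_CRC             = 0x1
    DES_CBC_MD5             = 0x2
    RC4_HMAC_MD5            = 0x4
    AES128_CTS_HMAC_SHA1_96 = 0x8
    AES256_CTS_HMAC_SHA1_96 = 0x10
}
$FutureTypesMask = 0x7FFFFFE0   # "Future encryption types" checkbox

function ConvertFrom-KerberosEncTypeMask {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][int64]$Mask,
        [string]$Source = 'unspecified'
    )
    $enabled = @(foreach ($name in $EncTypeBits.Keys) {
        if ($Mask -band $EncTypeBits[$name]) { $name }
    })
    [pscustomobject]@{
        Source        = $Source
        Mask          = '0x{0:X}' -f $Mask
        Enabled       = $enabled -join ', '
        FutureTypes   = [bool]($Mask -band $FutureTypesMask)
        LegacyAllowed = [bool]($Mask -band 0x7)   # any DES or RC4 bit set
    }
}

# Constructed sample masks, so the script shows output on any machine.
ConvertFrom-KerberosEncTypeMask -Mask 0x7FFFFFF8 -Source 'sample: AES + future only'
ConvertFrom-KerberosEncTypeMask -Mask 0x7FFFFFFC -Source 'sample: RC4 + AES + future'
ConvertFrom-KerberosEncTypeMask -Mask 0x4        -Source 'sample: RC4 only'

# Live value on this client, if the policy is configured.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$live = (Get-ItemProperty -Path $key -Name SupportedEncryptionTypes `
            -ErrorAction SilentlyContinue).SupportedEncryptionTypes
if ($null -ne $live) {
    ConvertFrom-KerberosEncTypeMask -Mask $live -Source 'this client (policy)'
} else {
    Write-Output 'SupportedEncryptionTypes policy not set; client uses OS defaults.'
}
```

If the live row shows `LegacyAllowed = False`, the client will only accept AES Kerberos tickets, which matches the situation the last reply describes and points to the Identity Awareness side as the place to enable AES.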