This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tom_Heesmans
Contributor
‎2021-06-01 12:49 AM

Identity agent no SSO after hardening

Hi all,

 

Since we have hardened our Windows 10 systems we noticed that the identity agent is no longer automatically logging in.

First we thought this had something to do with the network discovery so we've configured the server (gateway) manually within the agent. However no change.

 

I'm looking for information on the "inner workings" of the agent to find out why the user is not able to SSO directly. We have tested on laptop system with cached credentials still enabled but the same issue occurs.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-06-01 06:43 AM

What precise steps did you take to harden Windows 10?
Tagging @Royi_Priov also.

0 Kudos
Tom_Heesmans
Contributor
‎2021-06-01 06:47 AM
In response to PhoneBoy

We did a lot, <correction> we applied CIS level 1.

0 Kudos
Tobias_Moritz
Advisor
‎2021-06-03 07:51 AM
In response to Tom_Heesmans

I suggest checking this thread:
https://community.checkpoint.com/t5/Management/When-will-AES-256-AES-128-Kerberos-cipher-suites-fina...

I guess your hardening disabled some legacy ciphers for Kerberos on your clients, so you have to adjust Identity Awareness config to use modern ciphers your client still supports.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/IDA...

 

0 Kudos