Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Itzel_Gtz26
Participant

MFA for smart console

Is it possible to configure an MFA for device administrators when they log in via smartconsole or from the web?

I found the following URL but it is not specified

https://www.checkpoint.com/cyber-hub/network-security/what-is-multi-factor-authentication-mfa/#Types...

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

The easiest way to do this is with R81.20 and a SAML-based IdP like Azure AD.
See: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid... 

In earlier versions, it would have to be done through RADIUS/TACACS. 

0 Kudos
Itzel_Gtz26
Participant

My devices are in R81 and R81.10

 

Do you have the URL of how this configuration is done?

 

Since the only thing I found is for remote acces

0 Kudos
PhoneBoy
Admin
Admin

There isn't any specific documentation for MFA in SmartConsole in releases prior to R81.20.
The reason is that you would have to connect your desired MFA source to RADIUS/TACACS.
Using RADIUS/TACACS to authenticate SmartConsole users is well documented.
Note that you will only get a single password prompt.

Remote Access is somewhat different in that we added support for SAML Authentication in the JHFs for R80.40/R81/R81.10.
SAML Authentication for SmartConsole (where MFA is supported) was only added in R81.20.
Note that only your management needs to be in R81.20 to leverage this feature.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events