@Alex2023 

I believe this is what you need to follow, but will verify.

Andy

https://learn.microsoft.com/en-us/entra/identity/saas-apps/check-point-remote-access-vpn-tutorial

Hi @the_rock ,

thank you for your message. I set up the Azure authorization according to that guide, and everything is working perfectly. However, I can’t find a function in Azure that would enforce authentication each time a client connects.

I used sk180948 to implement persistent authentication. I was hoping there might now be an option in Check Point to handle this without manually editing the config file.

Alex

This option likely pertains to Conditional Access Policies in Office365. See more here: https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-session-lifetime#require...

Yep, thats it!

Andy

Hi @the_rock ,

Simply activating this function in the Conditional Policy didn’t change anything. The MS documentation includes the following: 'Sign-in frequency set to every time works best when the resource has the logic of when a client should get a new token.'

It seems to me that some configuration change might also be needed on the Check Point side. Is there anyone we could ask about this?

Alex

Thats the same link my collegue sent me as well, sorry. Im not aware of anything else. Maybe you can double check with TAC or lets see if someone else may know.

Andy

After a few hours, it started working better. Authentication is requested if the last session was more than 5 minutes ago.

Maybe just took some time...

Agreed, Microsoft always requires some time.

I wish that were only true for Microsoft lol

Anyway, is it working for all users now?

Andy

Yes, this works for everyone who falls under this Conditional Policy.

Alex