PhoneBoy
Admin

Simplifying Zero Trust Security with Infinity Identity: Video, Slides, and Q&A

Slides are posted below the Q&A, which is posted below the video:

Is this working with Quantum Spark SMB Gateways?

Not currently.

Is it a full IdP solution?

Infinity Identity is for integrating with Identity Provider solutions. It is not an Identity Provider on its own. 

Any UEBA features included?

We plan to integrate this information provided through the Identity Provider in the future.

What are the requirements to use Infinity Identity?

During the Early Availability phase:

  • R82 Management 
  • R81.20 JHF 65 Gateways

We will integrate support into future JHF.

Does the new captive portal support multiple authentication methods, where the user can choose?

This will be possible in the near future.

Does Infinity Identity require any additional licenses?

No cost during EA phase. Cost (if any) is still under discussion.

Will the same "seamless integration" be available for Cisco ISE?

Not initially. We're looking to integrate additional sources of identity. If you have specific requests in this area, please reach out to @Royi_Priov.

Will there still be a need for the Identity Agent? How will identities be captured on the macOS side with the Identity Agent?

For Microsoft Intune and/or Windows Defender, we can integrate without a specific agent. In other cases, Identity Agents will still be needed.

Note that Harmony Endpoint and Harmony SASE will be supported as an identity source in the future.

Are these IdPs exclusive to Infinity Identity? Will it come for on-prem environment?

The IdPs should also work for entirely on-premise environments; however, the level of integration will be significantly improved using Infinity Identity.

Is there a specific integration with Entra ID, like a user object score check: if a user's score is below 80, do not give access through the firewall rulebase?

This is planned.

Are multiple Entra ID tenants supported?

Yes

Will identity information from Infinity Identity be available via API?

Not currently. The Identity Awareness API currently queries pdp, whereas Infinity Identity talks directly to pep. 

How does Infinity Identity acquire identities from Intune/Defender clients?

Through a management-side integration (i.e. it's not exposed on the client).

How will the transition from classical AzureAD integration to Infinity ID occur?

Infinity Identity is another identity source that can be used alongside your existing methods.

How many (concurrent) users are supported during EA?

The limiting factor is the number of identities a single gateway can support (200,000). 

Can the solution cope with dual stack IPv4 and IPv6?

This is planned.

Is connectivity from Infinity Portal to on prem AD handled via inext-agent (nano)?

Yes

Is group membership cached or is checked for every packet?

Cached. However, we periodically update the group information from the IdP (either poll or push depending on configuration).

Is this supported on Smart-1 Cloud?

Once tenants are upgraded to R82, this should be supported.

Is there an on-premise Infinity Identity server planned in the future or only in the cloud?

Infinity Identity is hosted in Infinity Portal. The IdPs supported (outside of on-prem AD) are in the cloud already.

Could you use machine objects (in the access roles) or only users with EntraID/Intune integration?

Yes, these should be included.

Can I add IdPs that are not in the default list?

There is an option to configure Generic SAML. However, you will not get the group information from Generic SAML.

How can I participate in the Early Availability for Infinity Identity?

Reach out to @Royi_Priov (royip@checkpoint.com)
