Identity Awareness auth and validation in separate domains?

Question asked by Paul Hewitson on Jan 23, 2019
With Identity Awareness is it possible to authenticate against one domain, and have Check Point validate the group membership for that user against another domain, thus providing them access if the same username exists in both domains?

I have a scenario where users are in Domain A. They are on workstations and also a Terminal Server in the same Domain A. They need to access resources in Domain B which is behind Check Point gateways, and there is a business requirement to identify the users by authenticating them against the isolated Domain B only (as it is a secure environment).

Is this possible or could we only authenticate against Domain A in this scenario?
I guess Captive Portal could be used for the users on workstations, and have Check Point authenticate against Domain B, and the users use their Domain B accounts when authenticating?

But I don't see a method that would work for the Terminal Server, as the Identity Agent will pass on the credentials from Domain A.
Any thoughts?