Check Point Harmony connect Identity Provider SafeNet(Thales)
Hello all,
We currently want to connect the identity provider SafeNet with Check Point Harmony. Unfortunately SafeNet is not listed as a native provider, so we have to use the generic SAML interface.
So far we have not been able to transfer the correct values (groups) to Harmony, which is why no user authentication can be performed.
Do any of you have experience or have even actively integrated SafeNet?
We are grateful for every tip.
Greetings Stefan
Accepted Solutions
Hi All,
We have managed to connect Safenet Thales to the Check Point Harmony Connect Cloud via generic SAML. Attached you will find the screenshots of the configuration we created in the Safenet Thales portal. It is also important that the groups have to be created manually.
Just for info, if somebody also wants to use it.
bye
Stefan
My understanding is that SAML itself isn't used for groups, or at least we're not using it for that.
In Azure AD, for instance, we use the Graph API to pull groups.
A specific integration would likely be an RFE.
@Royi_Priov
Hi,
Indeed, SafeNet is not listed as one of the vendors in the Harmony Connect IDP wizard, so we need to use the generic option. It means that the users/groups will not be listed while trying to configure rules in the policy.
@Keren_Greenblat maybe you can elaborate better about the needed steps to make it work from HC policy point of view?
Royi Priov
R&D Group manager, Infinity Identity
Hi,
AFAIK, SafeNet was never tried with generic (I would have known).
Also, there's no guarantee that it will work.
Please try these steps for your configuration:
General SAML IDP - how to configure with customer
- Configure the wizard
- Be aware that full sync isn't supported.
- On the IDP side, use the URLs from the connectivity page in the IDP wizard (2 URLs must be configured for Entity ID and reply URL (SSO))
- Try to configure the following claims:
  - nameId – email format
  - 'userId' – user object ID in the IDP
  - 'First Name' – user first name
  - 'Last Name' – user last name
  - 'email' – user email
  - 'groups' or "urn:mace:dir:attribute-def:groups" as key, value should be the group name
If this still doesn't work, and it's a deal breaker, I will be able to join for a two-hour (maximum) session to try and help.
Please note, I had a similar session last week for KeyCloak over generic, but after two hours we still couldn't complete the relevant configuration.
Such cases are an example of why it cannot really be done online with a customer. IDP official support requires developer research that usually takes a few days, and therefore closing it in a session with a customer is less recommended (therefore I suggest allocating 2 hours max for that).
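One way to check a decoded SAML assertion from the IdP against the claim list in the post above, as an added example that is not part of the original thread and is not Check Point or Thales code. It inspects the NameID and attributes only and does not verify the signature; the sample assertions, user and group names are constructed, and the `memberOf` key stands in for a hypothetical wrong attribute mapping.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Claim names exactly as listed in the post above.
REQUIRED = ["userId", "First Name", "Last Name", "email"]
GROUP_KEYS = ["groups", "urn:mace:dir:attribute-def:groups"]

def check_claims(xml_text):
    """Return (problems, groups) for one decoded SAML response or assertion."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is %r, expected email format" % name_id.get("Format"))
    # Collect attribute name -> list of non-empty values.
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append("claim %r missing or empty" % name)
    groups = [g for key in GROUP_KEYS for g in attrs.get(key, [])]
    if not groups:
        problems.append("no group claim under any of %s" % GROUP_KEYS)
    return problems, groups

def sample(fmt, attrs):
    """Build a constructed test assertion (not captured traffic)."""
    body = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>' % kv
        for kv in attrs.items())
    return ('<saml:Assertion xmlns:saml="%s"><saml:Subject>'
            '<saml:NameID Format="%s">alice@example.com</saml:NameID></saml:Subject>'
            '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
            % (NS["saml"], fmt, body))

BASE = {"userId": "u-1001", "First Name": "Alice", "Last Name": "Example", "email": "alice@example.com"}
GOOD = sample(EMAIL_FORMAT, {**BASE, "groups": "HarmonyUsers"})
BAD = sample("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", {**BASE, "memberOf": "HarmonyUsers"})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_claims(doc))
```

Feed it the XML obtained by base64-decoding the `SAMLResponse` form field captured during a test login; an empty problem list means the IdP is sending every claim the post asks for.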
Hi,
I have already integrated Harmony Connect with Thales STA (Safenet Trusted Access) and it worked. But I tried it only for Harmony Connect Internet Access if I remember correctly.
I don't have it enabled anymore.
Hi Norbert,
Do you happen to have a screenshot or a small documentation of the values you have stored in the Safenet portal for Check Point Harmony?
Happy New Year!!
bye
Stefan
Sorry, no, I have only tested it and removed the configuration directly afterwards.