PingFederate
Follow these steps to configure SSO authentication with PingFederate.
Prerequisite
- Permissions to your company's DNS server, if you select login-based domain verification as the integration type.

1. In the Check Point Portal, go to Identity & Access and click the plus icon.
2. Enter a name for the Integration Title and select PingFederate.
3. To continue, click Next.
Integration Type
In this step of the IdP Integration Wizard, you configure SSO authentication for Check Point Portal administrators and for end users of Check Point services.
1. Select Enable Administrators to log in to the portal using this IdP.
2. Select one of these options:
   - Login based on domain verification - Check Point Portal Administrators can log in to this Check Point Portal account with SSO from the Identity Provider. Administrators log in through the Check Point Portal login page.
   - Login with a unique URL - Check Point Portal Administrators can log in to multiple Check Point Portal accounts with SSO from the Identity Provider. Administrators log in using the URL that appears at the bottom of the Login with a unique URL section. Copy this URL and keep it in a safe place.
3. In the Service(s) Integration section, select one of these options:
   - No Services - End users of Check Point Portal services cannot authenticate with SSO from the Identity Provider. This is the default configuration.
   - All Services - End users can log in with SSO from the Identity Provider to all Check Point services that support SSO.
   - Specific Service(s) - From the list of services, select the service(s) whose end users can log in with SSO from the Identity Provider. Available services:
     - Connect
     - Quantum Gateways
4. Click Next (or, if you are editing a configuration, Apply) to complete the Integration Type configuration.

Note - If you selected Login with a unique URL for Integration Type, the Verify Domain step is not necessary.
Verify Domain
1. Connect to your DNS server.
2. Copy the DNS Value from the Check Point Portal IdP Integration wizard > Verify Domain step.
3. On your DNS server, enter the Value as a TXT record.
4. In the Check Point Portal > Domain(s) section, enter a public DNS domain name and click the plus icon. Check Point makes a DNS query to verify your domain's configuration.
5. Optional - Add more DNS domains.
6. Click Next.
Note - Wait until the DNS record propagates and becomes resolvable.
In this step, you create the SAML application in PingFederate and connect it to the Check Point Portal.
1. In the PingFederate portal, create a SAML application for the Check Point Portal. For more information, see the PingFederate documentation.
2. Copy the Entity ID from the Check Point Portal and paste it in the relevant field in the SAML application in the PingFederate portal.
3. Optional - Select Enable IDP initiated flow to allow users of the PingFederate SAML application to access the Check Point Portal directly from the PingFederate portal.
4. Copy the Reply URL from the Check Point Portal and paste it in the relevant field in the SAML application you created in the PingFederate portal.
5. In the SAML application you created in the PingFederate portal, add the attributes and claims shown in the Check Point Portal > Mandatory User Attributes & Claims section.
6. Click Next.

Important - Before you can test the connectivity between Ping Identity and Check Point Portal, you must complete all of the IdP integration steps in Check Point Portal.
Configure Metadata
In this step, you upload the federation metadata XML file.
1. On the Check Point Portal, Identity Provider Wizard > Configure Metadata page, upload the Federation Metadata XML that you downloaded from the PingFederate Portal.
Note - Check Point uses the service URL and the name of your Certificate to identify your users behind the site.
2. Click Next. Check Point verifies the metadata of your Identity Provider.
Review the details of the SSO configuration and click Submit.

Important - Before you log out, create a user group with the applicable roles and assign it to the related IdP group name or ID (which of the two applies depends on the identity provider). For more information, see User Groups.