Adding Users
You can add new users either through an Identity Provider or manually (local).
Harmony Connect supports up to 50 local users for Internet Access and Network Access (both inclusive) and up to 50 local users for Application Access.
Best Practice - Check Point recommends adding users through an Identity Provider. For more information, see sk173623. Add local users for evaluation or for temporary users, such as contractors.
Prerequisite
If the endpoint's firewall policy is configured to block some or all outgoing traffic, you must add these outbound rules to the firewall application (for example, Microsoft Firewall Defender) to allow the Harmony Connect Agent to communicate with the Check Point cloud (an administrator-approved Harmony Connect cloud location that processes the internet and corporate traffic).
For Windows-based PCs
Rule Name | Action | Program | Port |
---|---|---|---|
Check_Point_Harmony_UDP | Allow | %Program Files%\CheckPoint\Harmony Connect\resources\tools\openvpn\openvpn.exe | UDP 1194 |
Check_Point_Harmony_TCP | Allow | %Program Files%\CheckPoint\Harmony Connect\resources\tools\stunnel\bin\stunnel.exe | TCP 443 |
Check_Point_Harmony_Connect | Allow | %Program Files%\CheckPoint\Harmony Connect\Harmony Connect.exe | - |
Check_Point_Harmony_Windows_Service | Allow | %Program Files%\CheckPoint\Harmony Connect\roaming_service\RoamingWindowsService.exe | - |
The first two rules allow traffic to OpenVPN, and the last two rules allow traffic to Check Point's backend services.
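One way to create the four Windows rules above from an elevated PowerShell session, as an added example that is not part of the original guide. It assumes that `%Program Files%` resolves to `$env:ProgramFiles` and that the Port column is the remote (destination) port; each rule is scoped to its program so that nothing broader than the table is allowed.

```powershell
# Added example: create the outbound allow rules from the Windows table.
# Assumptions: "%Program Files%" means $env:ProgramFiles, and the Port column
# is the remote (destination) port. Run as Administrator.
$base = Join-Path $env:ProgramFiles 'CheckPoint\Harmony Connect'

$rules = @(
    @{ Name = 'Check_Point_Harmony_UDP'; Program = 'resources\tools\openvpn\openvpn.exe'; Protocol = 'UDP'; Port = 1194 },
    @{ Name = 'Check_Point_Harmony_TCP'; Program = 'resources\tools\stunnel\bin\stunnel.exe'; Protocol = 'TCP'; Port = 443 },
    @{ Name = 'Check_Point_Harmony_Connect'; Program = 'Harmony Connect.exe' },
    @{ Name = 'Check_Point_Harmony_Windows_Service'; Program = 'roaming_service\RoamingWindowsService.exe' }
)

foreach ($r in $rules) {
    $path = Join-Path $base $r.Program
    # A rule bound to a missing binary is dead weight; skip it and say why.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping $($r.Name): $path not found"
        continue
    }
    # Idempotent: do not create a duplicate if the rule is already present.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule $($r.Name) already exists, leaving it unchanged"
        continue
    }
    $params = @{
        DisplayName = $r.Name
        Direction   = 'Outbound'
        Action      = 'Allow'
        Program     = $path
        Profile     = 'Any'
    }
    # Rows with "-" in the Port column get no protocol or port filter.
    if ($r.Protocol) {
        $params.Protocol   = $r.Protocol
        $params.RemotePort = $r.Port
    }
    New-NetFirewallRule @params | Out-Null
    Write-Host "Created $($r.Name)"
}

# Verify: show each rule with the program and port filters actually applied.
Get-NetFirewallRule -DisplayName 'Check_Point_Harmony_*' | ForEach-Object {
    $app  = $_ | Get-NetFirewallApplicationFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{ Rule = $_.DisplayName; Program = $app.Program
                       Protocol = $port.Protocol; RemotePort = $port.RemotePort }
}
```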
For macOS-based PCs
Rule Name | Action | Program | Port |
---|---|---|---|
OpenVpn | Allow | openvpn | UDP 1194 |
Stunnel | Allow | Stunnel | UDP 1193 TCP 443 |
To add users manually:
1. Go to Assets > Users and Devices.
2. Click Add in the toolbar.
3. In the Invite Users window, click the New button and enter the applicable name and the email for the user.
4. Click Add.
5. Click Edit to view or edit the user details.
6. Repeat steps 3-5 to add additional users.
7. Select security capabilities:
   - For internet access for remote users that connect with a Client application, select Secure Internet access by installing Harmony Connect Agent.
     Each user has to receive an email with a download link for the agent installer. The download link in the email is valid for 5 days only. After 5 days, the download link expires.
   - For Application Access to corporate applications, select Secure corporate application access with the User App Portal.
     Each user has to receive an email with a temporary password for access to the User App Portal.

   You can select two options simultaneously for two types of connections. For more information, see sk173623.
8. Click OK.
   Harmony Connect sends an email to users to download:
   - To provide secure internet and corporate access to remote users from their computers, access the email on the computer. For more information, see Harmony Connect Agent User Guide.
To add another device to an existing user:
1. Go to Assets > Users and Devices.
2. Click Add Another Device.
   The Add Trusted Device window appears.
3. Enter Device Description and click Add.
   Harmony Connect sends an email to the user to download the application. The user must access the email from the added device.
To add new users through an Identity Provider:
1. Go to Global Settings > Identity & Access > Identity Providers. For documentation, see Global Settings > Identity & Access > Identity Providers in the Infinity Portal Administration Guide.
2. Go to the Assets > Users window and click Download Agent.
3. Select the File Type and IDP.
4. Click Download.
5. Share the downloaded installer with your users or distribute it with enterprise group policy tools, such as SCCM, Intune, or JAMF. For more information, see sk172550.

Note - When you use the Identity Provider option, the option to add users manually is not available.
You can only delete users when you manage them manually, without an Identity Provider. You can, however, revoke each of the user devices for secure Internet Access.
User deletion is permanent and irreversible. When you delete a user:
- For secure Internet Access: the user's Harmony Connect Agent shows the “Could not connect to Check Point Cloud” message and their internet access is not secured.
- For secure Application-Level access (clientless access to specific corporate applications, such as web, SSH, RDP, tunnel, and database applications): the users are disconnected from their active session and logged out of the system. They are not able to log back in unless the administrator adds them as users again.
- The user's connection to the network persists until the system revokes the certificate on the server. The system checks and revokes the certificate at one-hour intervals.