Identity Provider Settings

Identity Provider is used to identify the user that signs into the Harmony Connect Agent. For more information, see Identity Awareness.

You can configure the Identity Provider settings from Global Settings > Identity & Access > Identity Providers that applies to all registered products in the Check PointInfinity Portal. For documentation, see Global Settings > Identity & Access > Identity Providers in the Infinity Portal Administration Guide.

Use Cases

Feature Support

Harmony Connect integrates with various Identity Providers that implement the SAML protocol. The table below shows features that the Identity Providers support.

Identity Provider Branch Office Users Remote Users (Client and Clientless)

Automatic Sync of Users and Groups2

Seamless Login3

Microsoft AD FS1

Microsoft Entra ID (formerly Azure AD)



Ping Identity

Generic SAML1

For clientless access only

Google IDP

Notes :

  1. Does not support automatic sync of users and groups with Harmony Connect. You must manually add users and groups in the Harmony Connect Administrator Portal.

  2. Harmony Connect syncs with the Identity Provider:

    • Every 15 minutes for new users and groups.

    • Every 4 hours for changes in user or group association only if the sync ID is configured.

    The sync speed depends on factors, such as System for Cross-domain Identity Management (SCIM) configuration and the Identity Provider’s sync interval.

  3. Seamless login is supported only with Identity Providers that support automatic sync.

    • With seamless login, remote users are directed to log in through the Identity Provider only once when they access resources; the Harmony Connect Agent, internet and corporate network for the first time.

    • Without seamless login, remote users are directed to log in through the Identity Provider:

      • When they access the resources for the first time or when initiating a new session.

      • The next time when they access the resources after the session has expired or terminated. The session expires after 12 hours.

  4. Users must be logged into the IDP for Harmony Connect to determine the users' identity.

Multiple Identity Provider Support

Harmony Connect supports configuration of multiple IDPs. If you configure multiple IDPs, a discovery page is presented to users to select the IDP. You must inform users about the relevant IDP to select in the discovery page.

The discovery page is presented:

  • When users access the Harmony Connect User App Portal (for Application-Access) or the direct link (URL) for the web application.

  • Every 12 hours when users access network or internet from the branch office.

  • Every 12 hours for authentication with the Harmony Connect Agent if the IDP does not support automatic sync.