Getting Started with Identity and Trust

Use Getting Started to configure Identity and Trust (formerly known as Infinity Identity) with an Identity Provider (IdP) or Microsoft Active Directory (AD). Integrating these services ensures secure and seamless authentication across the network infrastructure.

Prerequisites

To begin, the following requirements must be met:

  • Identity and Trust trial or permanent license

  • Check Point Portal (formerly known as Infinity Portal) Account (tenant)

  • R82.10 Security Management Server

  • R82.10 Security Gateway

Note - If you require Identity and Trust to work in an R82 environment, contact your local Account Manager for details.
R82 Security Gateways must run in User Space Firewall (USFW) mode. For more information, see the R82 Performance Tuning Administration Guide.

Accessing the Identity and Trust Portal

To access the Identity and Trust Portal:

  1. Log in to the Check Point Portal.

  2. Click the menu icon in the top left corner.

  3. In the Hybrid Mesh Network Security section, click Identity and Trust.

    The Identity and Trust portal opens.

First-Time Configuration Workflow

  1. Connect a cloud-based Identity Provider (IdP) or an on-premises Active Directory/Microsoft ADFS server to Identity and Trust. Identity and Trust pulls information about users, devices, and groups from the directory of the IdP or server. You can create a new integration, or use an existing integration of an IdP with the Check Point Portal. If you use an existing IdP integration, Directory Integration must be enabled in the Check Point Portal.

    Create one integration to get started. You can create more integrations after you complete first-time configuration. Identity and Trust supports these Identity Provider sources:

  2. Connect one or more Identity Integrations to Identity and Trust. Identity integrations identify users and machines. Identity and Trust supports these identity integrations:

  3. Connect one or more Security Gateways to act as consumers of Identity and Trust:

    1. Connect the subsystems. See Step 1: Connect the Security Management Server and Security Gateway(s) to the Check Point Portal.

    2. Configure Identity Awareness to work with Identity and Trust. See Step 2: In SmartConsole, configure Identity Awareness as an identity consumer of Identity and Trust.

    3. Create Access Control rules. See Step 3: In SmartConsole, create Access Control rules based on directories that the Security Gateway gets from Identity and Trust.

  4. Test the configuration:

    1. Use an IdP or server that you configured for Identity and Trust to authenticate yourself.

    2. Try to access a resource located behind the Security Gateway.

    3. Check that the Security Gateway applies the Access Control rule that you created for your identity.

    4. In Identity and Trust, make sure the test session appears in Active Sessions. For more information, see Active Sessions.

    5. Stop the test session.

    6. In Identity and Trust, make sure the test session appears in Logs. For more information, see Logs.