Duo
Duo adds security layers to your SSO authentication with Identity Providers (IdPs). This document does not cover the configuration of Duo with different IdPs. For information on how to configure Duo, see the official Duo documentation.
The instructions below assume that you have already configured Duo with your Identity Provider. To log in to the Check Point Portal with SSO integrated with Duo, you have to change the configuration.
To integrate your Identity Provider with Duo, follow these steps:
- Configure Single Sign-On.
  - For general instructions, see https://duo.com/docs/sso.
  - If you configure a SAML Identity Provider, in the Configure the SAML Identity Provider section, copy the Assertion Consumer Service URL to use it in Step 2.
- Configure an Application for a Generic SAML Service Provider; see https://duo.com/docs/sso-generic.
  - In the Downloads section, find SAML Metadata and click the Download XML button. Keep the file to use in Step 3-d.
  - In the Service Provider section, for Entity ID, enter the Check Point Portal entity ID from the Check Point Portal Allow Connectivity page in Step 3-c.
  - For Assertion Consumer Service (ACS) URLs, enter the Reply and Sign-on URLs from the same page in the Check Point Portal.
  - In the SAML Response section, below the Map attribute, set the attributes for users (preconfigured) and groups (custom) as shown on the Check Point Portal Allow Connectivity page (if applicable). For an example of the custom claims configuration in Azure AD, see https://help.duo.com/s/article/7167?language=en_US.
- In the Application you created, edit the SAML settings. Enter the Assertion Consumer Service URL that you copied from Duo in Step 1-b for all SAML settings.
- In the Check Point Portal, navigate to > Identity & Access and click the plus icon.
  - Enter a name for the Integration Title and select Duo.
  - Verify your domain.
  - In the Allow Connectivity step, copy the entity ID and URLs and enter them in Duo when you configure a Generic SAML Service Provider in Steps 1-b-ii and 1-b-iii.
  - In the Configure Metadata step, upload the Duo metadata XML file from Step 1-b-i.
  - Make sure the Identity Provider configurations are correct.