Generic SAML Server
Use these instructions to configure SSO authentication with a Generic SAML server.
Prerequisite

- Permissions to your company's DNS server if you select login-based domain verification as the integration type.
- From the left toolbar, click Getting started.
- In the Connect a directory section, click Connect (or Add another Directory).
  The IdP Integration wizard opens.
- Enter a name for the Integration Title and select Generic SAML Server.
- Click Next.
In this step of the IdP Integration Wizard, you can configure SSO authentication for Check Point Portal administrators and for users of Check Point Portal services (for example: Harmony Connect). This configuration does not affect Identity and Trust user authentication.
- Select Enable Administrators to log in to the portal using this IdP.
- Select one of these options:
  - Login based on domain verification - Check Point Portal Administrators can log in to this Check Point Portal account with SSO from the Identity Provider. Administrators log in through the Check Point Portal login page.
  - Login with a unique URL - Check Point Portal Administrators can log in to multiple Check Point Portal accounts with SSO from the Identity Provider. Administrators log in using the URL that appears at the bottom of the Login with a unique URL section. Copy this URL and keep it in a safe place.
- In the Service(s) Integration section, select one of these options:
  - No Services - End users of Check Point Portal services cannot authenticate with SSO from the Identity Provider. This is the default configuration.
  - All Services - End users can log in with SSO from the Identity Provider to all Check Point services that support SSO.
  - Specific Service(s) - From the list of services, select the service(s) whose end users may log in with SSO from the Identity Provider. Available services:
    - Connect
    - Quantum Gateways
- Click Next (or, if you are editing a configuration, Apply) to complete the Integration Type configuration.
Note - If you selected Login with a unique URL for Integration Type, the Verify Domain step is not necessary.
- Connect to your DNS server.
- Copy the DNS Value from the Check Point Portal IdP Integration wizard > Verify Domain step.
- On your DNS server, enter the Value as a TXT record.
- In the Check Point Portal > Domain(s) section, enter a public DNS domain name and click the plus icon.
  Check Point makes a DNS query to verify your domain's configuration.
- Optional - add more DNS domains.
- Click Next.

Note - Wait until the DNS record propagates and becomes resolvable.
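Before clicking Next, it helps to confirm from your own workstation that the TXT record already resolves, rather than waiting for the wizard's query to fail. The following is an added example, not part of the Check Point guide; it parses the output of `dig +short TXT <domain>` (assumed to be installed for the live lookup), rejoins TXT records that DNS splits into several quoted strings, and checks that the wizard's Value is among them. The sample dig output and the verification token in it are constructed placeholders, not real Check Point values.

```python
"""Check that a domain-verification TXT record is resolvable before continuing
the wizard. Added example; the token below is a constructed placeholder."""
import shlex
import subprocess
from typing import List, Optional


def parse_dig_txt(output: str) -> List[str]:
    """Turn `dig +short TXT <name>` output into plain record values.

    dig prints each TXT record as one or more quoted strings on a single line
    (records longer than 255 bytes arrive as "part1" "part2" ...). The quoted
    parts are concatenated back into the logical record value.
    """
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        # shlex handles the quoting and the \" escapes dig emits
        records.append("".join(shlex.split(line)))
    return records


def verification_record_present(records: List[str], expected_value: str) -> bool:
    """True when the exact value from the wizard is published as a TXT record."""
    return any(r.strip() == expected_value.strip() for r in records)


def lookup_txt(domain: str, resolver: Optional[str] = None) -> List[str]:
    """Live lookup via dig. Pass resolver='1.1.1.1' (for example) to bypass a
    local resolver that may still be serving a cached negative answer."""
    cmd = ["dig", "+short", "TXT", domain]
    if resolver:
        cmd.append(f"@{resolver}")
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_dig_txt(out)


# Constructed sample answer set: an unrelated SPF record plus a verification
# record that DNS has split into two quoted strings. PLACEHOLDER token only.
SAMPLE_DIG_OUTPUT = '''"v=spf1 include:_spf.example.com -all"
"checkpoint-verification=PLACEHOLDER-TOKEN-" "1234"
'''
EXPECTED_VALUE = "checkpoint-verification=PLACEHOLDER-TOKEN-1234"

if __name__ == "__main__":
    records = parse_dig_txt(SAMPLE_DIG_OUTPUT)
    state = "present" if verification_record_present(records, EXPECTED_VALUE) else "not yet propagated"
    print(f"verification record: {state}")
    # For a real check: lookup_txt("example.com", resolver="1.1.1.1")
```

Query a public resolver as well as your own: the wizard's check is made from Check Point's side, so a record visible only through your internal resolver is not enough.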
Copy the URLs and enter them at your identity provider's portal.
Upload the federation metadata XML file that your IdP provides.
Review the details of the SSO configuration and click Submit.
Important - Before you log out, create a user group with the applicable roles and assign it to the related IdP group name or ID (which of the two applies depends on the identity provider). For more information, see User Groups.