Generic SAML Server
Use these instructions to configure SSO authentication with a Generic SAML server.

SSO (Single Sign-On) - A session/user authentication process that permits a user to enter one name and password in order to access multiple applications.
SAML (Security Assertion Markup Language) - An XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

- In the Infinity Portal go to Global Settings > Identity & Access > click the plus icon.
- Enter a name for the Integration Title and select Generic SAML.
- Click Next.

In this step, you can configure SSO authentication for Infinity Portal administrators and for end users of Check Point services.

- Select Enable Administrators to log in to the portal using this IdP.
- Select one of these options:
  - One organizational account - Infinity Portal Administrators can log into this Infinity Portal account with SSO from the Identity Provider. Administrators log in through the Infinity Portal login page.
  - One or more organizational accounts - Infinity Portal Administrators can log in with SSO from the Identity Provider for multiple Infinity Portal accounts. Administrators log in through the URL that shows in the box.
- Do one of these actions:
  - Continue to the Service(s) Integration section.
  - Click Next / Apply to complete the Integration Type configuration.

Identity Provider (IdP or IDP) - A system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

- In the Service(s) Integration section, select one of these options:
  - No Services - There is no SSO authentication from the Identity Provider for end users of Check Point services. This is the default configuration.
  - All Services - End users can log in with SSO from the Identity Provider for all Check Point services that support SSO.
  - Specific Service(s) - A list of services opens. Select service(s) for which you want end users to log in with SSO from the Identity Provider. Available services:
    - Harmony Connect
    - Quantum Gateways
- Click Next / Apply to complete the Integration Type configuration.

Note - If you select One or more organizational accounts, this step is not necessary.

Verify the ownership of your domain to ensure successful identification of all the users that belong to your organization.
- Copy the DNS record value.
- Add the value to your DNS server as a text (TXT) record.
- Below Domain(s), enter one or more email domains that your company uses and click [+] after each one.
  Note - After three to five minutes the DNS record propagates and is resolved.
- When all domains show on the list, click Next.

Copy the URLs and enter them at your identity provider's portal.

Upload the federation metadata XML file that your IdP provides.

Review the details of the SSO configuration and click Submit.
Important - Before you log out, create a user group with the applicable roles and assign it to the related IdP group name or ID (which one depends on the applicable identity provider). For more information, see User Groups.