Generic SAML Server
Use these instructions to configure Single Sign-On (SSO) authentication with a Generic SAML server.

SSO is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. SAML (Security Assertion Markup Language) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
- In the Infinity Portal go to > Identity & Access > click the plus icon.
- Enter a name for the Integration Title and select Generic SAML.
- Click Next.
In this step, you can configure SSO authentication for Infinity Portal administrators and for end users of Check Point services.
- Select Enable Administrators to log in to the portal using this IdP.
- Select one of these options:
  - Login based on domain verification - Infinity Portal Administrators can log in to this Infinity Portal account with SSO from the Identity Provider (IdP or IDP: a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network). Administrators log in through the Infinity Portal login page.
  - Login with a unique URL - Infinity Portal Administrators can log in with SSO from the Identity Provider for multiple Infinity Portal accounts. Administrators log in using the URL that appears in the box.
- In the Service(s) Integration section, select one of these options:
  - No Services - There is no SSO authentication from the Identity Provider for end users of Check Point services. This is the default configuration.
  - All Services - End users can log in with SSO from the Identity Provider for all Check Point services that support SSO.
  - Specific Service(s) - A list of services opens. Select service(s) for which you want end users to log in with SSO from the Identity Provider. Available services:
    - Harmony Connect
    - Quantum Gateways
- Click Next (or Apply) to complete the Integration Type configuration.
Note - If for Integration Type you selected "Login with a Unique URL", the Verify Domain step is not necessary.
- Copy the DNS Value from the Infinity Portal.
- On your DNS server, enter the Value as a TXT record.
- In the Infinity Portal > Domain(s) section, enter a public DNS domain server name and click the plus icon.
  Check Point makes a DNS query to verify your domain's configuration.
- Optional - add more DNS domain servers.
- Click Next.
Note - Wait until the DNS record is propagated and can be resolved.
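One way to confirm that the TXT record from the Verify Domain step is resolvable before you click Next. This is an added example, not part of the Check Point documentation; the function names, the script name and the default resolver list are assumptions, and it requires the `dig` utility.

```shell
#!/bin/sh
# Added example (not Check Point code): confirm the domain-verification TXT
# value resolves from several public resolvers before clicking Next.

# `dig +short TXT` prints one line per record as quoted strings; a long value
# arrives as several <=255-byte strings ("part1" "part2") that must be joined
# with no separator.
normalize_txt() {
    sed -e 's/^"//' -e 's/"$//' -e 's/" "//g'
}

# txt_has_value EXPECTED   (dig +short output on stdin)
# Whole-record, fixed-string match: a partial or lookalike value fails.
txt_has_value() {
    normalize_txt | grep -Fxq -e "$1"
}

# check_propagation DOMAIN EXPECTED [RESOLVER...]
# Returns 0 only when every resolver already serves the expected value.
check_propagation() {
    domain=$1; expected=$2; shift 2
    # Assumption: default resolver set; replace with the ones you care about.
    [ $# -gt 0 ] || set -- 1.1.1.1 8.8.8.8 9.9.9.9
    rc=0
    for resolver in "$@"; do
        if dig +short +time=3 +tries=1 TXT "$domain" "@$resolver" |
            txt_has_value "$expected"; then
            echo "ok       $resolver"
        else
            echo "missing  $resolver"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_txt.sh example.com 'value-copied-from-the-portal'
if [ $# -ge 2 ]; then
    check_propagation "$@"
fi
```

A non-zero exit status means at least one resolver does not yet return the value, so wait and run it again before continuing in the portal.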
Copy the URLs and enter them at your identity provider's portal.
Upload the federation metadata XML file that your IdP provides.
Review the details of the SSO configuration and click Submit.
Important - Before you log out, create a user group with the applicable roles and assign it to the related IdP group name or ID (which one depends on the applicable identity provider). For more information, see User Groups.