How to Configure the Integration Type for an Identity Provider
A unique SSO URL is a link to a specific web address (in this case, an Infinity Portal account). Single Sign-On (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. This URL is unique because it includes authentication information that allows the Infinity Portal to give or deny access based on a preconfigured IdP authentication procedure. If you have multiple Infinity Portal accounts, you may want to use the same IdP for all accounts to simplify user management. Alternatively, you may select to use a unique SSO URL for specific accounts to provide additional security or control.
How to select a configuration for your organization:

- Your IdP is associated only with one Infinity Portal account.
- Users log in through the Infinity Portal login page.
- Require domain validation.

Without a Unique SSO URL, to log in to the Infinity Portal, users first enter a preconfigured Domain (Domain Validation) that has been set up by the administrator. To validate the user's credentials, the portal sends them to the configured IdP. If the IdP authenticates the user, access to the Infinity Portal is given and the user is directed to the last opened account.
If the domain is configured with more than one IdP, the portal uses an IdP discovery page to validate the user.

- Your IdP is associated with multiple Infinity Portal accounts, which are managed separately.
- Users can log in to the Infinity Portal with the Unique SSO URL.

The Unique SSO URL changes the Domain Validation requirement from mandatory to optional. In addition, the Unique SSO URL gives users a direct link to a specific Infinity Portal account. To do this, the portal uses the IdP configured for the account.
In this illustration, users click a unique URL to get access to the ACME account, https://portal.checkpoint.com/signin/ACME. The portal then validates the user through the IdP configured for the account, in this case, Okta.
In addition, Infinity Portal administrators or account managers can select one IdP to manage multiple accounts without Domain Validation. For instance, in this scenario, Okta serves as the IdP for three Infinity Portal accounts labeled as "a," "b," and "c." Even though each account uses Okta as its IdP, the login URLs for each account are distinct, which means that users must access each account through its unique URL.
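
Because each account has its own login URL, any link you distribute to users (intranet pages, onboarding mail) can be checked against the expected form before it is published. The following is an added example, not Check Point code: the `/signin/<account>` path shape is inferred from the ACME URL above, and the function names, the exact-match rule for account names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

PORTAL_HOST = "portal.checkpoint.com"  # host shown on this page
SIGNIN_PREFIX = "/signin/"             # assumption: path shape inferred from the ACME example

def check_unique_sso_url(url, expected_accounts):
    """Return (True, account) if url is a Unique SSO URL for an expected account,
    otherwise (False, reason)."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    if parts.hostname != PORTAL_HOST:
        return False, "host is not the portal"
    if port not in (None, 443):
        return False, "unexpected port"
    if parts.query or parts.fragment:
        return False, "unexpected query or fragment"
    if not parts.path.startswith(SIGNIN_PREFIX):
        return False, "path is not /signin/<account>"
    account = parts.path[len(SIGNIN_PREFIX):]
    # Exact, case-sensitive match; this also rejects empty names, extra path
    # segments and percent-encoded variants.
    if account not in expected_accounts:
        return False, "account not in expected list"
    return True, account

def audit_links(urls, expected_accounts):
    """Return {url: reason} for every link that fails the check."""
    results = {u: check_unique_sso_url(u, expected_accounts) for u in urls}
    return {u: detail for u, (ok, detail) in results.items() if not ok}

# Constructed sample links, e.g. collected from an intranet page or onboarding mail.
SAMPLE_LINKS = [
    "https://portal.checkpoint.com/signin/ACME",
    "http://portal.checkpoint.com/signin/ACME",
    "https://portal.checkpoint.com.sso-login.example/signin/ACME",
    "https://portal.checkpoint.com@sso-login.example/signin/ACME",
    "https://portal.checkpoint.com/signin/ACME-TEST",
]

if __name__ == "__main__":
    for url, reason in audit_links(SAMPLE_LINKS, {"ACME"}).items():
        print(f"REJECT {url}: {reason}")
```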
Before you start
- Make sure that you know how to set up an identity provider in the Infinity Portal, see SSO Authentication Setup with Identity Provider.
- Adding the same domain name for a new account is not allowed. When there is no selected domain name, the user can log in only through the unique SSO URL, see SSO Authentication Setup with Identity Provider.
- Existing Infinity Portal users can continue to log in through the Global URL (portal.checkpoint.com) as long as there is a domain configured. Or they can use the Unique SSO URL.

- In the Infinity Portal, go to > Identity & Access and select an Identity Provider. An Identity Provider (IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.
  For specific IdP instructions, see SSO Authentication Setup with Identity Provider.
- In step two Integration Type, select One or more organizational accounts.
- Click to copy the Unique SSO URL. Make sure to save the URL.
- To continue, click Next and follow the IdP Integration steps.

- In the Infinity Portal, go to > General.
- The Unique SSO URL shows below the account's name.
- To copy the URL, click .