Microsoft Azure AD
How to configure Single Sign-On (SSO) authentication with Microsoft Azure. SSO is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications.
Prerequisite: Create an Enterprise Application on the Azure Portal
Add Check Point's Infinity Portal application in the Azure Portal:
- Sign in to the Azure portal with a work or school account or a personal Microsoft account.
- On the left navigation pane, select the Azure Active Directory (AD) service. Azure AD is Microsoft's directory information service; it stores data about user, computer, and service identities for authentication and access.
- Navigate to Enterprise Applications and select All Applications.
- To add a new application, select New application.
- In the Add from the Gallery section, enter Check Point Infinity Portal in the search box.
- Select Check Point Infinity Portal from the results panel and add the app. The app is added to your account.
Step 1: Select IdP and Title
- In the Infinity Portal, go to Global Settings > Identity & Access and click the plus icon.
- Select Azure AD.
- Click Next.
Step 2: Verify your Domain
- The DNS record is generated. Click to copy the generated DNS record value.
- Enter the copied DNS record in your DNS server as a TXT record.
- Below Domain(s), enter your organization's domain and click the plus icon. Check Point makes a DNS query to verify your domain's configuration.
- Click Next.
Note - Wait until the DNS record is propagated and can be resolved.
Step 3: Configure Check Point's Infinity Portal Application in the Azure Portal
- In the Allow Connectivity page, copy the Entity ID and the Reply URL.
- In the Azure portal, on the Check Point Infinity Portal application integration page, in the Manage section, select single sign-on.
- On the Select a single sign-on method page, select SAML. SAML (Security Assertion Markup Language) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider.
- On the Set up single sign-on with SAML page, click the pencil icon to edit the settings for Basic SAML Configuration.
- In the Basic SAML Configuration section, do these steps:
  - In the Identifier text box, paste the copied Entity ID.
  - In the Reply URL text box, paste the previously copied Reply URL.
  - In the Sign on URL text box, paste the previously copied Reply URL as well.
- On the Set up single sign-on with SAML page, in SAML Signing Certificate, find Federation Metadata XML and select Download to download the XML file.
- When the download is done, go to the Check Point Infinity Portal and click Next.
Step 4: Configure Check Point Infinity Portal Application User Roles
Use one of these options:
- Option 1: Configure Check Point Infinity Portal application user roles in the Azure AD portal.
  Create Admin and "readonly" roles in the Azure portal.
  - From the left pane in the Azure portal, select App Registration > All applications > Check Point Infinity Portal application.
  - From the left pane, select App roles, click Create app role and do these steps:
    - In the Display name field, enter Admin.
    - In the Allowed member types, select Users/Groups.
    - In the Value field, enter admin.
    - In the Description field, enter Check Point Infinity Portal Admin role.
    - Make sure Enable this app role is selected, then click Apply.
  - Click Create app role and do these steps:
    - In the Display name field, enter readonly.
    - In the Allowed member types, select Users/Groups.
    - In the Value field, enter readonly.
    - In the Description field, enter Check Point Infinity Portal Admin role.
    - Make sure to select Enable this app role.
    - Click Apply.
- Option 2: Configure Check Point Infinity Portal application user roles in Check Point Infinity Portal.
  This configuration is only for groups assigned to the Check Point Infinity Portal application in Azure AD. In this section, create one or more User Groups that hold the Global and Service roles for the applicable Azure AD groups. (A Service is a Check Point offering that helps customers with deployments or technical services for Check Point products.)
  - Copy the ID of the assigned group for use with the Check Point Infinity Portal User Group IdP ID field.
  - For User Group configuration, see User Groups.
- Select applicable users and groups:
  Configure the users and groups that are allowed to authenticate by Azure AD when you use the Check Point Infinity Portal.
  - When you edit your enterprise application in the Azure Portal, navigate to Users and Groups.
  - Add all groups or all individual users with related roles configured in section 11 above, if applicable.
Step 5: Configure Metadata
- In the Configure Metadata page, upload the Federation Metadata XML that you downloaded earlier from your Azure AD.
Note - Check Point uses the service URL and the name of your Certificate to identify your users behind the sites.
- Click Next. Check Point validates the metadata of your Identity Provider. An Identity Provider (IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.
Step 6: Confirm Identity Provider Integration
Review the details of the SSO configuration and click Submit.
Important - Before you log out, create a user group with the applicable roles and assign it to the related IdP group name or ID (which one applies depends on the identity provider). For more information, see User Groups.