OneLogin

Use these steps to configure SSO (Single Sign-On) authentication with OneLogin.

Step 1: Select IdP and Title

  1. In the Infinity Portal go to Global Settings > Identity & Access > click the plus icon.

  2. Select OneLogin.

  3. Click Next.

Step 2: Verify your Domain

  1. The DNS record generates. Click to copy the generated DNS record value.

  2. Add this generated value to your DNS server as a TXT record.

  3. Below Domain(s), enter your organization's domain and click the plus icon.

    Check Point makes a DNS query to verify your domain configuration.

  4. Click Next.

    Note - Wait until the DNS record is propagated and can be resolved.

Step 3: Create an application in the OneLogin Portal

  1. Log in to your OneLogin account and select Administration to switch to admin mode.

  2. Below the Applications tab, select Application and click Add App.

  3. In the search box, search for and select SAML Test Connector (Advanced).

  4. In the info tab, enter:

    Display Name - Check Point Infinity Portal.

  5. Click Save.

Step 4: Allow Connectivity

  1. On the Allow Connectivity page, copy the Entity ID and the Reply URL.

  2. Complete the Settings for the OneLogin application. Go to the Configuration tab and enter this information:

    • Audience (EntityID) - The Entity ID you copied in the Check Point Infinity Portal.

    • ACS (Consumer) URL* - The Reply URL you copied in the Check Point Infinity Portal.

    • ACS (Consumer) URL Validator* - The Reply URL domain, with each forward slash escaped by a backslash. For example, https:\/\/cloudinfra-gw.portal.checkpoint.com\/

  3. Click Save.

  4. Go to the Check Point Infinity Portal. On the Allow Connectivity page, click Next.

Step 5: Set User and Group Claims

  1. In the OneLogin Portal, go to the Parameters tab and click Add parameter (+) to enter each value.

    • Field Name - groups

      1. Select Include in SAML assertion.

      2. Click Save.

      3. Value - User Roles

      4. Click Save.

    • Field Name - firstName

      1. Select Include in SAML assertion.

      2. Click Save.

      3. Value - First Name

      4. Click Save.

    • Field Name - lastName

      1. Select Include in SAML assertion.

      2. Click Save.

      3. Value - Last Name

      4. Click Save.

    • Field Name - userName

      1. Select Include in SAML assertion.

      2. Click Save.

      3. Value - UserName

      4. Click Save.

    • Field Name - email

      1. Select Include in SAML assertion.

      2. Click Save.

      3. Value - Email

      4. Click Save.

    • Field Name - userID

      1. Select Include in SAML assertion.

      2. Click Save.

      3. Value - OneLogin ID

      4. Click Save.

  2. Click Save.

Step 6: Select Relevant Users and Groups

  1. Go to Users > Roles, and click New Role to create user roles (groups).

  2. Enter the role name and click Save.

  3. Click the newly created role to edit:

    1. In the Applications tab, click (+), and add the Check Point Infinity Portal application. Click Save.

    2. Go to the Users tab to add users.

      In Check existing or add new users to this role, search for applicable users by their names, and click Check.

  4. For each selected user, click Add To Role.

  5. The users show in Users Added Manually.

  6. Click Save.

  7. Go to the Check Point Infinity Portal application and make sure the users are added.

    Note - Copy the name of the assigned group for use with the Check Point Infinity Portal User group IdP ID field.

Step 7: Configure Metadata

  1. On the Configure Metadata page, download the Federation Metadata XML from the OneLogin Portal:

    1. In your application, go to the Configuration tab > More Actions > SAML Metadata.

      The file downloads.

    2. Upload the file to the Configure Metadata page in the Identity Provider Wizard.

      Note - Check Point uses the service URL and the name of your Certificate to identify your users behind the sites.

  2. Click Next.

    Check Point verifies the metadata of your Identity Provider.

Step 8: Review

Review the details of the SSO configuration and click Submit.

Important - Create a user group with the applicable roles and assign it to the related IdP group name or ID, which depends on the applicable identity provider, before you log out. For more information, see User Groups.
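
Added example (not part of the Check Point or OneLogin documentation): a Python check to run over a decoded SAML assertion, for instance one captured from the browser during a test login. It reports whether the six parameters from Step 5, the group name from Step 6, and the Entity ID and Reply URL from Step 4 arrived as configured. The function names, the sample assertion and all sample values are constructed placeholders, and the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("groups", "firstName", "lastName", "userName", "email", "userID")  # Step 5

def check_assertion(xml_text, entity_id, reply_url, group):
    """Return a list of problems in a decoded SAML assertion (empty list = OK)."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in a.iterfind("saml:AttributeValue", NS)]
        attrs[a.get("Name")] = [v for v in values if v]
    problems = [f"missing or empty attribute: {n}" for n in REQUIRED if not attrs.get(n)]
    # Assumption: several roles arrive as separate values or as one ';'-joined value.
    roles = {r.strip() for v in attrs.get("groups", []) for r in v.split(";")}
    if group not in roles:
        problems.append(f"groups does not contain {group!r}")
    if entity_id not in [e.text for e in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience does not match the Entity ID")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append("Recipient does not match the Reply URL")
    return problems

# Constructed sample values; replace with the ones copied from your own portal.
ENTITY_ID = "urn:example:entity-id-placeholder"
REPLY_URL = "https://sp.example.invalid/reply-url-placeholder"

def build_sample(fields, audience=ENTITY_ID, recipient=REPLY_URL):
    """Build a constructed, unsigned assertion for exercising check_assertion()."""
    attrs = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f"</saml:Attribute>" for k, v in fields.items())
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
        f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>'
        f"</saml:SubjectConfirmation></saml:Subject><saml:Conditions>"
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        f"</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")

GOOD = {"groups": "cp-admins;cp-readonly", "firstName": "Ada", "lastName": "Example",
        "userName": "ada", "email": "ada@example.invalid", "userID": "1001"}

if __name__ == "__main__":
    print(check_assertion(build_sample(GOOD), ENTITY_ID, REPLY_URL, "cp-admins"))
    typo = {("Lastname" if k == "lastName" else k): v for k, v in GOOD.items()}
    print(check_assertion(build_sample(typo), ENTITY_ID, REPLY_URL, "cp-auditors"))
```

Pass the group name noted in Step 6 as the last argument, so a mismatch with the User group IdP ID field shows up before users report failed logins.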