PingFederate

Use these steps to configure Single Sign-On (SSO) authentication with PingFederate.

Step 1: Select IdP and Title

  1. In the Infinity Portal go to Global Settings > Identity & Access > click the plus icon.

  2. Select PingFederate.

  3. Click Next.

Step 2: Verify your Domain

  1. The DNS record value is generated. Copy the value.

  2. Add this generated value to your DNS server as a TXT record.

  3. Below Domain(s), enter your organization's domain and click the plus icon.

    Check Point makes a DNS query to verify your domain configuration.

  4. Click Next.

    Note - Wait until the DNS record is propagated and can be resolved.

Step 3: Create an Application in the PingFederate Portal

  1. Log in to the PingFederate Portal.

  2. Create a SAML 2.0 sign-on method.

Step 4: Allow Connectivity

  1. In the Infinity Portal, copy the Entity ID and the Reply URL.

  2. In the PingFederate portal, configure the SAML settings:

    • Single sign on URL - Use the Reply URL.

    • Audience URI (SP Entity ID) - Use the Entity ID.

Step 5: Set User and Group Attributes

For the same SAML settings, set these attribute statements:

Name - firstName

groups - memberOf (listed in DN format: CN=Group_Name,OU=Groups,OU=LOW,OU=@ADMIN,DC=master,DC=hmkad,DC=hallmark,DC=com)

SAML_SUBJECT - emailaddress

lastName - lastName

nameidentifier - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier

Important - Copy the name of the assigned group for use with the Check Point Infinity Portal User Group IdP ID field.

Step 6: Configure Metadata

  1. Create a Metadata file:

  2. After you create the metadata XML file in the PingFederate portal, go to the Allow Connectivity page in the Check Point Infinity Portal and click Next.

  3. On the Configure Metadata page, upload the Federation Metadata XML you downloaded from your PingFederate portal.

    Note - Check Point uses the service URL and the name of your Certificate to identify your users behind the sites.

Step 7: Review

Verify that the details of the SSO configuration are correct.

Important - Create a user group with the applicable roles and assign it to the related IdP group name or ID, which depends on the applicable identity provider, before you log out. For more information, see User Groups.