RADIUS
Before you start to configure SSO Authentication with RADIUS, make sure to log in with the same user or email that you used when you created the account. This allows you to create a fallback user that can always log in to the current account regardless of RADIUS server availability.

Single Sign-On (SSO) - A session/user authentication process that permits a user to enter one name and password in order to access multiple applications.

Remote Authentication Dial-In User Service (RADIUS) - A networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport.

The user that created the account is called the Primary Contact. Infinity Portal does not authenticate this user through RADIUS SSO. This prevents the account from becoming locked to all users because of a RADIUS server failure. In this case, the Primary Contact can always authenticate and log in as a local user, with the password stored in the Infinity Portal database.
Note - If it is necessary to configure your firewall to allow Check Point Infinity Portal backend IP addresses, see the Firewall IP Allowlist.
To configure the SSO Authentication with RADIUS:
- Go to Global Settings > Identity & Access.
- Under SSO Authentication, click Set up single sign-on.
  The SSO Authentication wizard opens.
- Select RADIUS.
- Provide a title for the integration you are creating, and click Next.
- Follow the wizard instructions to complete the configuration.
- Verify the ownership of your domain to ensure successful identification of all the users that belong to your organization:
  - Copy the DNS record value.
  - Enter the value in your DNS server as a text record.
  - Below Domain(s), enter one or more email domains that your company uses and click [+] after each one.
    Note - After three to five minutes the DNS record propagates and is resolved.
  - When all domains show on the list, click Next.
- Configure Servers
  - On the Configure Servers page, enter the details of your RADIUS server(s):
    - Primary Host IP - enter the server IP address.
    - Primary Host Secret - enter the server secret.
    - Port - use the default RADIUS port or change the value.
    - Add Another Host - optionally, add a secondary RADIUS server to provide a backup when the primary server is unreachable. These two servers use the same port. Enter the secondary server IP address and secret.
    - Connectivity Test - optionally, check the RADIUS server connectivity:
      - Enter the user name.
      - Enter the user password.
      - Click Test connectivity.
        A message confirming the successful connection to the RADIUS server appears.
  - Click Next.
- Review the details of the SSO configuration and click Submit.
Important - Create a user group with the relevant roles and assign it to the corresponding RADIUS group class name. For more information, see User Groups.
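
How the Primary Host Secret and a group class name appear on the wire under RFC 2865, as an added example that is not Check Point code: the secret hides the User-Password attribute and authenticates the server's reply, and the group name is read from the reply. Assumptions: PAP-style User-Password, the group carried in the Class attribute (type 25), and a constructed secret, user, group and server reply.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, CLASS = 1, 2, 25  # RFC 2865 attribute types

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value  # type, length, value

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    authenticator = authenticator or os.urandom(16)  # Request Authenticator
    attrs = attr(USER_NAME, user) + attr(
        USER_PASSWORD, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def verify_response(response, request_authenticator, secret):
    """Check MD5(code + id + length + request auth + attributes + secret)."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(
        response[:4] + request_authenticator + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def class_values(packet):
    """Return every Class attribute value, rejecting malformed lengths."""
    values, pos = [], 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        if packet[pos] == CLASS:
            values.append(packet[pos + 2:pos + packet[pos + 1]])
        pos += packet[pos + 1]
    return values

def constructed_accept(request, secret, group):
    """Constructed server reply for the demo: Access-Accept carrying one Class."""
    attrs = attr(CLASS, group)
    head = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs
```

The shared secret is the only key material in both the password hiding and the reply check, so a long random value for the host secret is what protects the exchange.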