Before you start to configure SSOClosed Single Sign-On (SSO) - A session/user authentication process that permits a user to enter one name and password in order to access multiple applications. Authentication with RADIUSClosed Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport., make sure to log in with the same user or email that you used when you created the account. This allows you to create a fallback user that can always log in to the current account regardless of RADIUS servers availability.

The user that created the account is called Primary Contact. Infinity Portal does not authenticate this user through RADIUS SSO. This is to prevent the situation when the account becomes locked to all users because of RADIUS server's failure. In this case, the Primary Contact can always authenticate and log in with the password stored in the Infinity Portal database as a local user.

Note - if it is necessary to configure your firewall to allow Check Point Infinity Portal backend IP addresses, see the Firewall IP Allowlist.

To configure the SSO Authentication with RADIUS:

  1. Go to Global Settings > Identity & Access.

  2. Under SSO Authentication, click Set up single sign-on.

  3. The SSO Authentication wizard opens.

  4. Select RADIUS.

  5. Provide a title to the integration you are creating, and click Next.

  6. Follow the wizard instructions to complete the configuration.

  7. Verify the ownership of your domain to make sure successful identification for all the users that belong to your organization:

    1. Copy the DNS record value.

    2. Enter the Value to your DNS server as a text record.

    3. Below Domain(s), enter one or more email domains that your company uses and click [+] after each one.

      Note - After three to five minutes the DNS record propagates and is resolved.

    4. When all domains show on the list, click Next.

  8. Review the details of the SSO configuration and click Submit.

    Important - Create a user group with the relevant roles and assign it to the corresponding RADIUS group class name. For more information, see User Groups.