SSO Authentication Setup with Identity Provider

Single Sign-On (SSO) authentication enables organizations to centrally manage user authentication and authorization by integrating with an Identity Provider (IdP). With SSO authentication, users log in to different enterprise resources and services with one set of credentials (username and password). You can configure standard Identity Providers such as Microsoft Entra ID (formerly Azure AD) and Okta, or you can add Two-Factor Authentication by integrating with Duo. This approach lets your organization control user access efficiently and ensures that users can access the resources they need easily and securely.

Prerequisites:

Overall, the setup of SSO with Check Point Infinity Portal requires a good understanding of Identity and Access Management (IAM) concepts and experience with IdP configuration.

Supported Identity Providers:

For information on SSO authentication and setup with available Identity Providers, see:

Optional Features

You can use optional features for a more advanced integration of the Infinity Portal with an Identity Provider (IdP).

SAML: The Infinity Portal and the Identity Provider communicate through the Security Assertion Markup Language (SAML) protocol, an XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider.

IdP Initiated Flow: Allows Infinity Portal users to connect to the Infinity Portal directly from the IdP portal. Example: users click an icon in the Okta portal to open the Infinity Portal.

Directory Integration - Manual: The Infinity Portal pulls information about users and groups from the IdP for Check Point services (example: Harmony Connect). Directory Integration does not apply to users and groups in the Infinity Portal.

Directory Integration - SCIM: A Directory Integration method in which the IdP pushes any change in the user and group directory to Check Point services (example: Harmony Connect). Directory Integration does not apply to users and groups in the Infinity Portal.

Infinity Portal supports the Identity Providers listed below. The features in the support matrix are SAML, IdP Initiated Flow, Directory Integration - Manual and Directory Integration - SCIM; the notes next to each IdP indicate feature restrictions.

Microsoft Entra ID (formerly Azure AD): Directory Integration (Manual and SCIM) only for Check Point services.

Okta: Directory Integration (Manual and SCIM) only for Check Point services.

Ping Identity: Directory Integration (Manual and SCIM) only for Check Point services.

PingFederate

OneLogin: Directory Integration (Manual and SCIM) only for Check Point services.

Microsoft ADFS (Active Directory Federation Services): In Early Availability (EA). Directory Integration only for Check Point services.

Google Workspace: Directory Integration only for Check Point services.

Duo

Generic SAML Server

RADIUS (Remote Authentication Dial-In User Service)

Use Case

ACME Corporation's large workforce needs to access different enterprise resources and services. They have implemented Check Point Infinity Portal as a centralized platform to manage user access to these resources. But the management of user authentication for each resource has become a cumbersome and time-consuming procedure, especially as employees often forget their usernames and passwords. Moreover, there are security concerns related to managing multiple sets of login credentials for each user.

To simplify the authentication procedure and improve security, ACME Corporation decides to implement SSO authentication with Check Point Infinity Portal. By integrating with an Identity Provider such as Okta, they can centrally manage and control user authentication and authorization. This means that employees can log in with a single set of credentials (username and password) to access all enterprise resources and services, removing the need to remember different login details for each resource.

Moreover, with SSO authentication, ACME Corporation can add security measures such as Two-Factor Authentication (2FA) to make sure that user access is secure. This strengthens the overall security posture of the organization and improves the user experience by eliminating the need for multiple sets of login credentials.

In summary, SSO authentication with Check Point Infinity Portal allows ACME Corporation to simplify the authentication procedure, improve security, and enhance the user experience.