Users

The Users page shows a table of all users in the Check Point Portal account. You can sort the table.

For information about Multi-Factor Authentication (MFAClosed Multifactor Authentication - an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.), see Multi-Factor Authentication.

User Roles

You can assign Global Roles and Specific ServiceClosed A Check Point service offering that helps customers with deployments or technical services for Check Point products. Roles to users. Global Roles apply to the entire Check Point Portal. Specific Service Roles apply to specific Check Point Portal services (for example, Email Security).

Global Roles

Global Roles apply to Check Point Portal account settings and all Check Point Portal services. You can assign more than one Global Role to a user. These are the types of Global Role:

Global Role

Privileges for Check Point Portal Account Settings

Privileges for Check Point Portal Services

Read Only

Read Only

Read Only

User Admin

Can do every action in the Users section and the User Groups section (see User Groups). Has Read Only access to the other Account Settings.

The User Admin role does not include access to Check Point Portal services. To give this user access to Check Point Portal services, do one or both of these:

  • In addition to the User Admin Global Role, assign the user a Read Only Global Role. This gives the user Read Only privileges for all Check Point Portal services.

  • In addition to the User Admin Global Role, assign the user one or more Specific Service Roles for Check Point Portal services. For example, you can assign the user an Admin role for the Email Security service. See Specific Service Roles.

Admin

Can do every action in the Check Point Portal, except for actions that only a Primary Administrator can do (see below).

Admin

Primary Administrator

Can do every action in the Check Point Portal. These are the actions that only a Primary Administrator can do:

 

In the General section (see General):

  • Change Primary Contact

  • Enable Support Mode

 

In the Identity & Access section (see Identity & Access ):

Note - A Check Point Portal account must have at least one Primary Administrator. Only a Primary Administrator can assign or remove this role for another user.

Admin

Specific Service Roles

A Specific Service Role applies to one Check Point Portal service (for example, Email Security). Specific Service Roles are separate from Global Roles and do not override them. In some services, you can assign more than one role to a user. You can assign only one role to a user in these services:

  • Browser Security

  • Endpoint Security

  • Mobile Security

  • SASE

Viewing User Information

  1. Go to > Users.

  2. To see updated user information, click Refresh.

  1. Right-click the top row of the table that contains the names of the columns.

    A list of column names opens.

  2. Select columns to show in the table.

    Only the selected columns appear in the table.

  1. In the Search field, click Filter .

    The Filters pane opens.

  2. To find specific users, enter these details:

    • Name

    • Email

    • etc.

  3. To clear the filter, click Clear All.

  1. Click Export.

    Your web browser downloads a ZIP file.

  2. When the download is complete, save the file to your computer and extract the content into the CSV file.

  3. Open the CSV file in an application (for example, Microsoft Excel).

Adding and Editing User Accounts

You can invite users to the Check Point Portal account that you manage as an administrator. After you invite a user, Check Point Portal sends an invitation to the user in an email. To accept the invitation, the user must click a link in the email. The invitation is valid for 30 days.

Note - All fields marked with an asterisk (*) are mandatory.

  1. Navigate to > Users and click New on the toolbar.

  2. In the Name field, enter a name for the user.

  3. In the Email field, enter the new user's email address.

  4. In the User Groups field, select User Groups for the new user from the list. You can select multiple User Groups for each user.

  5. In the Global Roles field, select roles for the new user from the list. You can select multiple roles for each user.

  6. Select Specific service roles to assign to the user.

  7. Click Add to save or Cancel to exit without saving the new user.

    The user shows with the Pending status on the full users list.

  8. When the user receives the email invitation and clicks the Accept invitation link, the Check Point Portal checks if this is a new or existing user.

    • For new users, the Check Point Portal opens with an activation screen and a request to set up a new password. The password policy shows on the same page.

      1. The user enters the password, confirms it, selects I accept the Terms of Service and the Privacy Policy, and clicks Activate.

      2. The Check Point Portal activates the user.

    • For existing users, the Check Point Portal approves the user and shows an approval message.

    The Check Point Portal adds the user to the account and changes their status from Pending to Active.

  9. The user clicks Back to sign in and logs in to the Check Point Portal. New users must enter their email and password and configure Multi-Factor Authentication. For more information, see Multi-Factor Authentication.

    When the user logs in to the Check Point Portal, the account appears in the dropdown menu on the top toolbar.

  1. Select the user from the list and click Edit on the toolbar.

  2. Make the required changes. You can edit the user's name, phone number, User Groups affiliation, and Global and Specific Service Roles.

  3. Click Save.

Note - This procedure is relevant only for users that were created manually in the Check Point Portal. To delete a user that was imported from a group in an Identity ProviderClosed A system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. Acronym: IdP or IDP., you must remove the user from the group in the Identity Provider's portal. For example, if Alice is part of the "Check Point Admins" group in Microsoft Entra ID, you can delete Alice's user profile only in the Microsoft Entra ID portal. For more information about user groups, see User Groups.

  1. Select the user from the list and click Delete in the toolbar.

  2. In the confirmation window, click Delete.