PingFederate
Follow these steps to configure Single Sign-On (SSO) authentication with PingFederate.

- In the Infinity Portal, go to > Identity & Access and click the plus icon.
- Enter a name for the Integration Title and select PingFederate.
- To continue, click Next.

In this step of the IdP Integration Wizard, you can configure SSO authentication for Infinity Portal administrators and for end users of Check Point services.

- Select Enable Administrators to log in to the portal using this IdP.
- Select one of these options:
  - Login based on domain verification - Infinity Portal Administrators can log in to this Infinity Portal account with SSO from the Identity Provider (IdP). Administrators log in through the Infinity Portal login page.
  - Login with a unique URL - Infinity Portal Administrators can log in to multiple Infinity Portal accounts with SSO from the Identity Provider. Administrators log in using the URL that appears at the bottom of the Login with a unique URL button. Copy this URL and keep it in a safe place.
- In the Service(s) Integration section, select one of these options:
  - No Services - End users of Infinity Portal services cannot authenticate with SSO from the Identity Provider. This is the default configuration.
  - All Services - End users can log in with SSO from the Identity Provider to all Check Point services that support SSO.
  - Specific Service(s) - From the list of services, select service(s) to allow end users to log into with SSO from the Identity Provider. Available services:
    - Harmony Connect
    - Quantum Gateways
- Click Next (or, if you are editing a configuration, Apply) to complete the Integration Type configuration.

Note - If for Integration Type you selected "Login with a Unique URL", the Verify Domain step is not necessary.

- Connect to your DNS server.
- Copy the DNS Value from the Infinity Portal IdP Integration wizard > Verify Domain step.
- On your DNS server, enter the Value as a TXT record.
- In the Infinity Portal > Domain(s) section, enter a public DNS domain server name and click the plus icon. Check Point makes a DNS query to verify your domain's configuration.
- Optional - add more DNS domain servers.
- Click Next.
  Note - Wait until the DNS record is propagated and can be resolved.

- In the PingFederate portal, create a SAML (Security Assertion Markup Language) application for the Infinity Portal. For more information, see PingFederate documentation.
- Copy the Entity ID from the Infinity Portal and paste it in the relevant field in the SAML application in the PingFederate portal.
- Optional - Select Enable IDP initiated flow to allow users of the PingFederate SAML application to access the Infinity Portal directly from the PingFederate portal.
- Copy the Reply URL from the Infinity Portal and paste it in the relevant field in the SAML application you created in the PingFederate portal.
- In the SAML application you created in the PingFederate portal, add the attributes and claims shown in the Infinity Portal > Mandatory User Attributes & Claims section.
- Click Next.

Important - Before you can test the connectivity between Ping Identity and Infinity Portal, you must complete all of the IdP integration steps in Infinity Portal.

In this step, you upload the federation metadata XML file.
- On the Infinity Portal, Identity Provider Wizard > Configure Metadata page, upload the Federation Metadata XML that you downloaded from the PingFederate Portal.
  Note - Check Point uses the service URL and the name of your Certificate to identify your users behind the site.
- Click Next. Check Point verifies the metadata of your Identity Provider.

Review the details of the SSO configuration and click Submit.

Important - Before you log out, create a user group with the applicable roles and assign it to the related IdP group name or ID, depending on the applicable identity provider. For more information, see User Groups.