SAML Identity Provider

This section describes how to configure authentication through a third-party Identity Provider over the SAML protocol as an authentication method for the Identity Awareness Gateway (Captive Portal) and for the Mobile Access Portal, which act as service providers.

An Identity Provider is a system entity that creates, maintains, and manages identity information and provides authentication services. A Service Provider is a system entity that provides services to users authenticated by the Identity Provider.

SAML Authentication Process Flow

  1. An end user asks for a service through the client browser.

  2. The Security Gateway redirects the client browser to the third-party Identity Provider portal to acquire the end user's identity.

  3. The Identity Provider portal authenticates the end user.

  4. The Identity Provider generates a digitally-signed SAML assertion and sends it back to the client browser.

  5. The client browser forwards the SAML assertion to the Security Gateway.

  6. The Security Gateway validates the SAML assertion and provides the end user with the service.
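Step 6 in practice, as an added example that is not Check Point's own code: a standard-library Python sketch of the checks a service provider applies to the SAML response the browser posts back (Destination, InResponseTo, issuer, validity window, audience). The gateway hostname, ACS path, request ID and Okta issuer value are constructed placeholders, and cryptographic verification of the XML signature is assumed to be done by an XML-security library before these values are trusted.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample of the SAMLResponse the browser posts back in step 5; the
# hostnames, ACS path and issuer are placeholders and the XML-DSig block is only sketched.
SAMPLE_RESPONSE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  InResponseTo="_req42" Destination="https://gw.example.net/saml/acs">
  <saml:Assertion>
    <saml:Issuer>http://www.okta.com/exk_placeholder</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    <saml:Subject><saml:NameID>alice@example.net</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://gw.example.net/saml</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>""")

def _ts(s):
    # SAML timestamps are UTC in xs:dateTime form; parse them as timezone-aware values.
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def validate_response(b64, idp_issuer, sp_entity_id, acs_url, request_id, now, skew=60):
    """Step 6 checks on a posted SAMLResponse; returns (ok, reason, name_id). The XML-DSig
    signature itself must be verified against the IdP certificate with an XML-security library."""
    root = ET.fromstring(base64.b64decode(b64))
    if root.get("Destination") != acs_url:
        return False, "Destination is not our ACS URL", None
    if root.get("InResponseTo") != request_id:
        return False, "InResponseTo does not match our AuthnRequest", None
    a = root.find("saml:Assertion", NS)
    if a is None or a.find("ds:Signature", NS) is None:
        return False, "assertion missing or unsigned", None
    if a.findtext("saml:Issuer", namespaces=NS) != idp_issuer:
        return False, "assertion not issued by the configured IdP", None
    c = a.find("saml:Conditions", NS)
    if c is None or not c.get("NotBefore") or not c.get("NotOnOrAfter"):
        return False, "assertion has no validity window", None
    t, slack = _ts(now), dt.timedelta(seconds=skew)  # tolerate small clock drift
    if not (_ts(c.get("NotBefore")) - slack <= t < _ts(c.get("NotOnOrAfter")) + slack):
        return False, "assertion outside its validity window", None
    if sp_entity_id not in [e.text for e in c.findall(".//saml:Audience", NS)]:
        return False, "assertion not addressed to this service provider", None
    return True, "ok", a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```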

Example

  • The service is google.com.

  • The service provider is Identity Awareness Gateway (Captive Portal).

  • The Identity Provider is Okta.

Important - When you sign out from the Check Point service portal, it does not automatically sign out from the Identity Provider's session.

SAML Configuration Procedure

Important - Before you configure SAML, make sure that your Security Policy allows access to the third-party Identity Provider web sites.