SAML Identity Provider

This section describes how to configure authentication using a 3rd party Identity Provider over the SAML protocol as an authentication method for the Identity Awareness Captive Portal and for the Mobile Access Portal as service providers.

An Identity Provider is a system entity that creates, maintains, and manages identity information and provides authentication services. A Service Provider is a system entity that provides services to users authenticated by the Identity Provider.

SAML Authentication Process Flow:

  1. An end user asks for a service through the client browser.

  2. The Security Gateway redirects the client browser to the 3rd party Identity Provider portal to acquire the end user's identity.

  3. The Identity Provider portal authenticates the end user.

  4. The Identity Provider generates a digitally-signed SAML assertion and sends it back to the client browser.

  5. The client browser forwards the SAML assertion to the Security Gateway.

  6. The Security Gateway validates the SAML assertion and provides the end user with the service.
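
The following is an added example (not Check Point's code) of the non-cryptographic part of step 6: the checks a Service Provider applies to a bearer assertion after its XML signature has been verified against the Identity Provider's certificate by an XML-DSig library (that signature verification is assumed, not implemented here). The assertion, IdP and gateway URLs, and request ID are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of the assertion an IdP returns in step 4 (hypothetical URLs,
# XML-Signature element omitted; signature verification is assumed done elsewhere).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="_constructed1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
 <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
 <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T10:05:00Z" InResponseTo="_req-42"
    Recipient="https://gw.example.com/connect/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://gw.example.com/connect/saml/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>"""

def parse_ts(value):  # SAML timestamps are UTC; None means the attribute is absent
    return value and datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, issuer, audience, recipient, request_id, now,
                       skew=timedelta(seconds=60)):
    """Step-6 checks on an assertion whose XML signature is ASSUMED already verified
    against the IdP certificate by an XML-DSig library. Returns (name_id, problems)."""
    a, problems = ET.fromstring(xml_text), []
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        problems.append("issuer mismatch")  # not from the configured IdP
    cond = a.find("saml:Conditions", NS)
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if cond is None or scd is None:
        return None, problems + ["missing Conditions or SubjectConfirmationData"]
    nb = parse_ts(cond.get("NotBefore"))
    if nb and now + skew < nb:
        problems.append("not yet valid")
    for label, el in (("expired", cond), ("confirmation expired", scd)):
        noa = parse_ts(el.get("NotOnOrAfter"))
        if not noa or now - skew >= noa:  # a missing expiry is treated as invalid
            problems.append(label)
    if audience not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        problems.append("audience mismatch")  # issued for a different Service Provider
    if scd.get("Recipient") != recipient:
        problems.append("recipient mismatch")
    if scd.get("InResponseTo") != request_id:
        problems.append("unsolicited or replayed response")  # must match the gateway's AuthnRequest ID
    return a.findtext("saml:Subject/saml:NameID", namespaces=NS), problems
```

An empty problems list means the gateway may grant the service to the returned NameID; any entry means the assertion is rejected even though its signature was valid.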

For more information, see the SAML Identity Provider.