Using Azure AD for Authorization

In addition to SAML, which is used for user authentication, you can use Azure AD entities to authorize access to corporate resources.

Azure Active Directory (Azure AD) is a Microsoft cloud-based identity and access management service that offers identity and access capabilities for applications that run in Microsoft Azure.

Best Practice:

To use Azure AD, your Management Server and the Security Gateways that work as PDPs must have Internet access, either directly or through a proxy server.

  • If your Management Server does not have direct Internet access, configure a proxy server:

    1. From your browser, log in to the Gaia Portal.

    2. From the left tree, go to System Management > Proxy.

    3. Select the Use proxy server option and enter the applicable proxy server configuration.

    4. Click OK.

    5. Publish the SmartConsole session.

  • If your Security Gateway that works as PDP does not have direct Internet access, configure a proxy server:

    1. In SmartConsole, open the Global Properties.

    2. From the left tree, click Proxy.

    3. Select the Use proxy server option and enter the applicable proxy server configuration.

    4. Click OK.

    5. Publish the SmartConsole session and install the Access Control Policy on the Security Gateways, so that the new proxy settings take effect on the PDPs.
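Once the proxy is configured, the practical question is whether the Management Server or PDP gateway can actually reach Azure AD through it. The script below is an added example, not Check Point code and not part of the original page: it probes two representative Microsoft identity endpoints (the public OpenID discovery document and the Microsoft Graph metadata URL, both assumptions about what a reachable Azure AD looks like rather than an official list from this guide) through an optional HTTP forward proxy, and checks that the discovery response is real JSON with the expected keys, so that a proxy block page returned with HTTP 200 is not mistaken for success.

```python
"""Added example: check that a host can reach Azure AD through a proxy.

Not Check Point code. Assumptions (not from the page): the endpoint URLs are
representative Microsoft identity endpoints, and the proxy is a plain HTTP
forward proxy that tunnels HTTPS with CONNECT.
"""
import json
import urllib.error
import urllib.request

# Representative Azure AD endpoints (assumption). The OpenID discovery document
# is public and needs no token, so it is a clean reachability probe.
AZURE_AD_ENDPOINTS = {
    "openid_configuration":
        "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration",
    "graph_metadata": "https://graph.microsoft.com/v1.0/$metadata",
}

# Keys a genuine OpenID discovery document always carries.
REQUIRED_OPENID_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def build_proxy_url(host, port, scheme="http"):
    """Return the proxy URL in the form urllib expects, rejecting bad input early."""
    if not host or any(c.isspace() for c in host):
        raise ValueError("proxy host must be a non-empty string without whitespace")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("proxy port must be an integer in 1..65535")
    return f"{scheme}://{host}:{port}"


def make_opener(proxy_url=None):
    """Build an opener that goes through the proxy, or direct with env proxies ignored."""
    if proxy_url is None:
        handler = urllib.request.ProxyHandler({})
    else:
        handler = urllib.request.ProxyHandler({"http": proxy_url, "https": proxy_url})
    return urllib.request.build_opener(handler)


def validate_openid_config(payload):
    """Return the required keys missing from an OpenID discovery document.

    An empty list means the body looks like a real Azure AD response rather than,
    for example, a proxy's HTML block page that came back with status 200.
    """
    try:
        doc = json.loads(payload)
    except (ValueError, TypeError):
        return list(REQUIRED_OPENID_KEYS)
    if not isinstance(doc, dict):
        return list(REQUIRED_OPENID_KEYS)
    return [k for k in REQUIRED_OPENID_KEYS if k not in doc]


def probe(url, opener, timeout=10):
    """Fetch one URL and report the outcome; never raises, so every probe runs."""
    try:
        with opener.open(url, timeout=timeout) as resp:
            return {"url": url, "ok": True, "status": resp.getcode(), "body": resp.read()}
    except urllib.error.HTTPError as e:
        # A response arrived, so the proxy path works even though the status is not 2xx.
        return {"url": url, "ok": False, "status": e.code, "body": b""}
    except (urllib.error.URLError, OSError) as e:
        # DNS failure, proxy refused, TLS error, timeout: the path is broken.
        return {"url": url, "ok": False, "status": None, "error": str(e), "body": b""}


def run_checks(proxy_url=None, timeout=10):
    """Probe every endpoint and return a name -> result summary (bodies stripped)."""
    opener = make_opener(proxy_url)
    results = {}
    for name, url in AZURE_AD_ENDPOINTS.items():
        r = probe(url, opener, timeout)
        if name == "openid_configuration" and r["ok"]:
            r["missing_keys"] = validate_openid_config(r["body"])
            r["ok"] = not r["missing_keys"]
        r.pop("body", None)
        results[name] = r
    return results


if __name__ == "__main__":
    import sys
    # Usage: python check_azure_ad.py [proxy_host proxy_port]
    proxy = build_proxy_url(sys.argv[1], int(sys.argv[2])) if len(sys.argv) == 3 else None
    for name, r in run_checks(proxy).items():
        print(f"{name:22} {'OK  ' if r['ok'] else 'FAIL'} {r}")
```

Run it from the Management Server (or any host with the same proxy settings) both with and without the proxy arguments: a failure only in the direct run confirms the proxy is the working path, while a failure in both usually means the proxy itself does not allow CONNECT to port 443 for those hosts.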

Configuring Azure AD

This section describes the procedure for configuring Azure AD.

The procedure consists of two parts:

  • Part 1 - Configuration in Microsoft Azure Portal.

  • Part 2 - Configuration in Check Point SmartConsole.

Configuration in Microsoft Azure Portal

Note - For more information about configuration on the Microsoft Azure portal, refer to Microsoft Azure documentation.

Configuration in Check Point SmartConsole

Best Practice - If you use Azure for both authentication and authorization, Azure AD acts as the SAML Identity Provider and performs the authentication through the SAML protocol.

To configure SAML for authentication, refer to SAML Identity Provider.