Integration of Checkpoint Client VPN with AWS Identity Center SAML


Hello,

I have followed the procedure in the following link to create the application in the Identity Center: https://docs.aws.amazon.com/singlesignon/latest/userguide/samlapps.html

I have also followed a similar procedure to integrate it with the Checkpoint VPN: https://aws.amazon.com/blogs/security/authenticate-aws-client-vpn-users-with-aws-single-sign-on/

Regarding Checkpoint, I have used the following procedure: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_RemoteAccessVPN_AdminGuide/Topics-VPNRG/SAML-Support-for-Remote-Access-VPN.htm

Specifically, I don't understand step 6 mentioned by Checkpoint, which involves Checkpoint accessing the user database in the Identity Center through that connection. The excerpt from step 6 is as follows:

Step 6: Configure the Group Authorization

Authorization is for these types of groups:

Identity Provider groups: The groups sent by the Identity Provider.
Internal groups: The groups received from User Directories configured in SmartConsole.

To configure the Identity Provider groups:

In the Identity Provider interface, configure roles.
In the Identity Provider interface, configure a SAML claim on the Identity Provider.
In SmartConsole, create an internal User Group object with this name (case-sensitive): EXT_ID_<Name_of_Role>. For example, for a role in the Identity Provider's interface with the name "my_group", create an internal User Group object in SmartConsole with the name "EXT_ID_my_group".

Note: Identity Tags are not supported for Remote Access connections.

Identity Provider groups and Internal groups (e.g., LDAP) are used for authorization.

Authorization types:

Remote Access VPN Community: Grants users access to Remote Access VPN.
Access Roles (requires the Identity Awareness Software Blade): Grants access to users according to policy rules and user identities.

To apply authorization by Remote Access VPN, add the applicable group to the Remote Access VPN.

To apply authorization by Access Roles, add the applicable group to an Access Role in the Access Control Policy.

The purpose of this configuration is to allow users connecting to the Checkpoint client VPN to log in with users from the Identity Center and use two-factor authentication to connect to the VPN.

Could you please assist me with this?

Thank you very much.

Kind regards.
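As an added illustration of the EXT_ID_<Name_of_Role> mapping from step 6 (this is not part of the original post or of Check Point's documentation), the following Python snippet pulls the group values out of a constructed SAML assertion fragment and checks them, case-sensitively, against the User Group object names configured in SmartConsole, flagging names that differ only in case. The attribute name "groups", the sample group values and the SmartConsole names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample SAML assertion fragment (not captured from a real IdP).
# The attribute name "groups" is an assumption: the name actually sent
# depends on the attribute mapping chosen in the Identity Center application.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>vpn_users</saml:AttributeValue>
      <saml:AttributeValue>VPN_Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PREFIX = "EXT_ID_"  # prefix Check Point expects on the internal User Group name


def saml_groups(assertion_xml: str, attr_name: str = "groups") -> list:
    """Return the values carried in the named SAML attribute, in order."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            values.extend(v.text.strip()
                          for v in attr.findall("saml:AttributeValue", NS)
                          if v.text)
    return values


def expected_group_objects(groups: list) -> list:
    """SmartConsole User Group names that must exist for these IdP groups."""
    return [PREFIX + g for g in groups]


def check_mapping(groups: list, smartconsole_groups: list) -> dict:
    """Classify each IdP group as 'ok', a case mismatch, or 'missing'.

    The comparison is case-sensitive, as Check Point requires; a name that
    matches only when lower-cased is reported separately because that is
    the usual reason a user lands in no group at all.
    """
    configured = set(smartconsole_groups)
    by_lower = {g.lower(): g for g in configured}
    result = {}
    for g in groups:
        want = PREFIX + g
        if want in configured:
            result[g] = "ok"
        elif want.lower() in by_lower:
            result[g] = "case_mismatch (found %s)" % by_lower[want.lower()]
        else:
            result[g] = "missing"
    return result
```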

No answers
