Contents
1. Create User Group on Check Point
2. Add User Group to RemoteAccess Community
3. Create Access Role and Add User Group
4. Create Policy for VPN with Access Role
5. Create the App Role in Microsoft Entra
6. In Microsoft Entra Add User Group to Role
1. Create User Group on Check Point
In SmartConsole, navigate to ‘New…’ → ‘More’ → ‘User/Identity’ → select ‘User Group…’.
Enter the name of the group, prefixed with “EXT_ID_”. In Entra this will show up as a role
inside the Check Point Enterprise application, without the “EXT_ID_” portion. In this example
we create EXT_ID_VPN_GROUP_C.
2. Add User Group to RemoteAccess Community
Inside the objects pane, navigate to ‘VPN Communities’ → edit ‘RemoteAccess’.
Under Participant User Groups, add the group created in the previous step. In this example we add
“EXT_ID_VPN_GROUP_C”.
3. Create Access Role and Add User Group
Inside the objects pane, navigate to ‘New…’ → ‘More’ → ‘User/Identity’ → select ‘Access Role…’.
Enter a name for the access role; choose one that identifies the VPN group in Entra that the
role is assigned to. On the Users tab, add the user group created earlier. In this
example we call the Access Role “VPN_GROUP_C” and assign user group
“EXT_ID_VPN_GROUP_C”.
4. Create Policy for VPN with Access Role
Create an access rule in the policy package for the access role (VPN group) created earlier. In this
example a rule is created using the VPN_GROUP_C access role.
5. Create the App Role in Microsoft Entra
1. Click Microsoft Entra ID in the left sidebar.
2. Click App registrations, and then select your Check Point Remote Secure Access VPN.
3. Click App Roles from the sidebar.
4. Click + Create app role.
5. In the Create app role pane, do the following:
   a. Enter a role name, such as Administrator, in the Display Name field. This value is only used in the Microsoft Entra ID UI.
   b. Select Users/Groups for Allowed member types.
   c. Enter a role value, such as Administrator, in the Value field. This value is included in the user's ID token during Jamf Connect authentication.
   d. Add an app role description.
   e. Make sure the Do you want to enable this app role? checkbox is selected.
   f. Click Apply.
6. In Microsoft Entra Add User Group to Role
In the Microsoft 365 admin center select ‘Identity’.
Navigate to ‘Applications’ and select ‘Enterprise applications’.
Navigate to ‘All applications’ and open the ‘Check Point Remote Secure Access VPN’ application.
Navigate to Users and groups and select ‘Add user/group’.
Under ‘Users and groups’ select ‘None Selected’ and choose the required group from the
window. In this example we select ‘VPN_GROUP_C’.
Under ‘Select a role’ select ‘None Selected’ and choose the role from the newly opened window.
This role will have a similar name to the User Group created earlier, but without the “EXT_ID_”
portion of the name. In this example the role is “VPN_GROUP_C”.
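
The naming rule from sections 1, 5 and 6 can be checked offline before users are moved onto the VPN. The script below is an added example, not part of the original guide or of any Check Point or Microsoft tooling. It compares the Check Point user group names meant for Entra with the appRoles array of the app registration manifest. The sample data is constructed, and treating a case-only difference as a mismatch is an assumption.

```python
import json

PREFIX = "EXT_ID_"  # prefix the guide puts on the Check Point user group name

# Constructed sample: "appRoles" as it appears in an app registration manifest.
SAMPLE_MANIFEST = json.loads("""
{"appRoles": [
  {"value": "VPN_GROUP_C", "isEnabled": true,  "allowedMemberTypes": ["User"]},
  {"value": "vpn_group_d", "isEnabled": true,  "allowedMemberTypes": ["User"]},
  {"value": "VPN_GROUP_E", "isEnabled": false, "allowedMemberTypes": ["User"]},
  {"value": "LEGACY_VPN",  "isEnabled": true,  "allowedMemberTypes": ["Application"]}
]}
""")

# Constructed sample: user groups in SmartConsole that are meant to map to Entra roles.
SAMPLE_GROUPS = ["EXT_ID_VPN_GROUP_C", "EXT_ID_VPN_GROUP_D",
                 "EXT_ID_VPN_GROUP_E", "VPN_GROUP_F"]


def audit(groups, manifest):
    """Return sorted (name, problem) pairs; an empty list means both sides agree."""
    roles = {r["value"]: r for r in manifest.get("appRoles", []) if r.get("value")}
    by_lower = {value.lower(): value for value in roles}
    findings, expected_lower = [], set()
    for group in groups:
        if not group.startswith(PREFIX):
            findings.append((group, "group name lacks the EXT_ID_ prefix"))
            continue
        value = group[len(PREFIX):]          # role value Entra is expected to carry
        expected_lower.add(value.lower())
        role = roles.get(value)
        if role is None:
            near = by_lower.get(value.lower())
            findings.append((group, f"role value differs only by case: {near}"
                             if near else "no app role with this value"))
        elif not role.get("isEnabled"):      # step 5e: role must be enabled
            findings.append((group, "app role is disabled"))
        elif "User" not in role.get("allowedMemberTypes", []):  # step 5b: Users/Groups
            findings.append((group, "app role does not allow Users/Groups"))
    for value in roles:                      # roles nobody on the gateway side expects
        if value.lower() not in expected_lower:
            findings.append((value, "app role has no EXT_ID_ group on Check Point"))
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_GROUPS, SAMPLE_MANIFEST):
        print(f"{name}: {problem}")
```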