Check Point Gateway Mobile Access Portal - SAML Relying Party Configuration for Cloud Authentication Service - RSA Ready Implementation Guide

This section describes how to integrate Check Point Gateway Mobile Access portal with RSA Cloud Authentication Service using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service.

Procedure

  1. Sign in to the RSA Cloud Administration Console.
  2. Go to the Authentication Clients menu and select Relying Parties.
  3. In the Relying Party Catalog, select Add a Relying Party.
  4. Click Add for Service Provider SAML.
  5. On the Basic Information page, enter the name for the application in the Name field and click Next Step.
  6. In the Authentication tab, select SecurID manages all authentication.
  7. Select a Primary Authentication Method and Access Policy as required and click Next Step.
  8. In the Connection Profile section, go to the Service Provider section and enter the following details:
    1. ACS URL: refer to the Check Point configuration section to obtain this value.
    2. Service Provider Entity ID: refer to the Check Point configuration section to obtain this value.
  9. In the SAML Response Protection section, select IdP signs assertion within response.
  10. Click Download Certificate.
  11. Select Show Advanced Configuration. Under the User Identity section, configure Identifier Type and Property as in the following example:
    1. Identifier Type > Auto Detect
    2. Property > Auto Detect
  12. Click Save and Finish.
  13. On the My Relying Parties page, click Edit and select the Metadata option to download the metadata.
  14. Click Publish Changes to enable SSO for your application.

Configuration is complete.


Configure Check Point Mobile Access Portal

Perform these steps to configure Check Point Mobile Access Portal.

Procedure

  1. Log in to the Check Point SmartConsole desktop application with admin credentials.
  2. From the left pane, go to the Gateways & Servers tab.
  3. Double-click the required deployed Check Point Gateway.
  4. In the General Properties of the gateway, ensure that the Mobile Access service is enabled.

Note: If the Mobile Access service is not enabled, follow the prompt to enable it. During the process, the Mobile Access portal URL is configured; end users will use it to log in to the portal.

  5. In the Gateways & Servers tab, click New > More > User/Identity > Identity Provider.
  6. In the New Identity Provider window, choose a name for the RSA identity provider.
  7. Select the relevant Check Point Gateway from the Gateway dropdown list.
  8. Select Mobile Access from the Service dropdown list.
  9. Copy the Entity ID and paste it in the Service Provider Entity ID field in the RSA configuration.
  10. Copy the Reply URL and paste it in the ACS URL field in the RSA configuration.
  11. Choose Import Metadata file.
  12. Select the metadata file downloaded from RSA; the remaining fields are populated automatically.
  13. In SmartConsole, click the Gateways & Servers panel.
    1. Open the Security Gateway object. From the left tree, click Mobile Access > Authentication.
    2. In the Multiple Authentication Client Settings section, click Add to add a new Realm object.
    3. On the Login Option pane, in the Usage in Gateway section, clear the Use in Capsule Workspace box.
    4. On the Login Option pane, in the Authentication Method section, click Add.
    5. Select Identity Provider.
    6. Click the green [+] button and select the SAML Identity Provider object. Click OK.
  14. In SmartConsole, click Publish.
  15. Select the applicable policy and choose Access Control.
  16. Click Install to apply the policy.

The configuration is complete.