Skip to main content

Check Point Infinity Portal SAML integration

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only they know or have access to.

Security Assertion Markup Language (SAML) is a protocol for authenticating to web applications. SAML allows federated apps and organizations to communicate and trust one another’s users.

Arculix by SecureAuth offers a simple method for adding single sign-on (SSO) MFA to Check Point Infinity Portal through its SAML solution.

Prerequisites

Check Point Infinity Portal configuration

In this section, you'll configure Check Point Infinity Portal as a service provider (SP).

  1. Download the SAML metadata and certificate for your organization from Arculix.

    Metadata download: https://sso.acceptto.com/<myorganization>/saml/download/metadata

    View metadata: https://sso.acceptto.com/<myorganization>/saml/metadata

    Certificate download: https://sso.acceptto.com/<myorganization>/saml/download/cert

  2. Log in to your Infinity Portal and go to Global Settings  > Identity & Access. In the Identity Providers section, click the + icon.

    checkpointsaml001.png

  3. On the SELECT IDP AND TITLE page, do the following:

    1. Provide a name for the Integration Title. For example, Arculix IdP.

    2. Select Generic SAML Server.

    3. Click NEXT.

    checkpointsaml002.png

  4. On the INTEGRATION TYPE page, you can configure SSO authentication for Infinity Portal administrators, users accessing Check Point services, or both. Follow the applicable steps:

    checkpointsaml003.png

  5. (Complete this step only if you selected One organizational account in the previous step).

    On the VERIFY DOMAIN page, do the following:

    1. Use the Value provided to create a DNS TXT record for your domain.

      For more information on DNS TXT records, see How to create a DNS TXT record.

    2. In the Domain(s) section, add the email domain(s) used by your company. Click the + icon to add more than one entry.

      Note: DNS record propagation and resolution usually take three to five minutes.

    3. Once all domains appear on the list, click NEXT.

    checkpointsaml004.png

  6. On the ALLOW CONNECTIVITY page, copy or save the Entity ID, Reply URL, and Mandatory User Attributes & Claims information for Arculix configuration.

    checkpointsaml005.png

  7. On the CONFIGURE & TEST page, upload the metadata that you just downloaded from Arculix, then click NEXT.

    checkpointsaml006.png

  8. On the CONFIRM IDENTITY PROVIDER page, confirm your SSO configuration details, then click SUBMIT.

  9. Go to Global Settings  > Account Settings and copy the Unique Login URL for Arculix configuration.

    checkpointsaml007.png

  10. To create a group for your IdP users and assign a desired role to them, go to Global Settings  >  User Groups and click New.

    checkpointsaml008.png

  11. On the ADD USER GROUP page, set the following configurations, then click ADD.

    Name

    Set the name for the group you want to create.

    Description

    Enter a description.

    IDP Id

    Enter the Identity Provider (IdP) group name or ID associated with the usernames of this group.

    Global Roles

    Select a role for this group.

    checkpointsaml009.png

Arculix SAML configuration as an Identity Provider (IdP)

In this section, you'll add an application for Check Point Infinity Portal and set the SAML configuration settings. This will be the Identity Provider (IdP) side of the configuration.

  1. Log in to Arculix with an administrative account and go to Applications.

  2. Click Create New Application.

    Create new application

  3. In the New Application form, on the General tab, set the following configurations:

    Name 

    Set the name of the application. This is the name to display for push notifications, in the Admin panel, Application portal, and audit logs.

    For example, Check Point Infinity Portal.

    Type 

    Set to SAML Service Provider.

    Out of Band Methods 

    Select the allowed methods end users can choose to approve MFA requests.

    For example, Arculix Mobile app (push notifications), SMS, or Security Key.

    Message for MFA Requests 

    Optional. Type a message displayed to end users when sending an MFA request via push notification, SMS, or email.

    checkpointsaml010.png

  4. Select the SAML Service Provider Configuration tab, and set the following configurations:

    Issuer or Entity ID 

    Enter the Entity ID provided by Check Point Infinity Portal.

    Log in URL 

    Enter the Unique Log In URL provided by Check Point Infinity Portal.

    NameID Format 

    Set to Email Address.

    Name Identifier 

    Set to Email.

    ACS URL 

    Enter the Reply URL provided by Check Point Infinity Portal.

    Algorithm 

    Set to RSA-SHA256.

    checkpointsaml011.png

  5. In the Asserted Attributes section, set the following values according to your data store connector:

  6. Save your changes.

Test your application integration

  1. Go to your Check Point Infinity Portal URL.

  2. You will be redirected to the Arculix SSO page.

    Application login page with QR code

  3. After successful authentication, select your preferred MFA method to approve access to the Check Point Infinity Portal application.

    Select MFA method

Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.

In this section: