Configure Checkpoint VPN for PingID Multifactor Authentication

This procedure details the configuration required in your Checkpoint VPN for integrating PingID Multifactor Authentication (MFA).

Before starting your configuration:


  • An installation of Checkpoint VPN, including Checkpoint SmartConsole and SmartDomain Manager.

This procedure assumes that you have already configured the necessary settings in PingOne and PingFederate; see:

  • Configuring PingOne for Multi-Factor VPN Authentication
  • Configuring PingFederate for Multi-Factor VPN Authentication

This video describes the process for your Checkpoint VPN:

How it works

The following flow represents a general flow.

NoteConfiguration varies according to individual company infrastructure considerations and policies.

  1. When a user opens their VPN login window (IPSec or SSL VPN) and enters a username and password, their details are sent to the RADIUS Server on PingFederate via the VPN.
  2. PingFederate authenticates the user’s credentials against the LDAP Server as a first-factor authentication.
  3. Upon LDAP authentication approval, the RADIUS server initiates a second authentication with PingID. If authentication is denied, an error occurs, and a message is displayed on the user’s VPN window.

Your Rating: