Page created: 3 Jun 2020 | Page updated: 9 Dec 2020
This procedure details the configuration required in your Check Point VPN for integrating PingID multi-factor authentication (MFA).
Prerequisites
- You have installed Check Point VPN, including Check Point SmartConsole and SmartDomain Manager.
- You have configured the necessary settings in PingOne and PingFederate. For more information, see:
  - Configuring PingOne for Multi-Factor VPN Authentication
  - Configuring PingFederate for Multi-Factor VPN Authentication
About this task
The following video describes the Check Point VPN process.
The following image represents a general flow. Actual configuration will vary according to individual company infrastructure considerations and policies.
Processing steps
- When a user opens their IPSec or SSL VPN login window and enters a user name and password, their details are sent to the RADIUS Server on PingFederate through the VPN.
- PingFederate authenticates the user’s credentials against the LDAP Server as first-factor authentication.
- After LDAP authentication approval, the RADIUS server initiates second-factor authentication with PingID. If authentication is denied, the user's VPN window displays an error message.
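
What the first processing step looks like on the wire, as an added example that is not taken from the Ping Identity or Check Point documentation: the gateway builds a RADIUS Access-Request per RFC 2865, and the RADIUS server verifies it and recovers the credentials before the LDAP check. It assumes PAP-style User-Password authentication and a Message-Authenticator attribute, which the page does not specify; the function names and sample values are constructed for illustration.

```python
import hashlib, hmac, os, struct

# Assumption: PAP (User-Password) plus Message-Authenticator; all names are illustrative.
def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)  # NUL-pad, at least one block
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: same keystream, chained on the ciphertext blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user, password, secret, ident=1):
    """Gateway side: User-Name (1), User-Password (2), Message-Authenticator (80)."""
    auth = os.urandom(16)  # Request Authenticator
    attrs = b""
    for typ, val in ((1, user), (2, hide_password(password, secret, auth)), (80, bytes(16))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs
    # HMAC-MD5 over the packet with the Message-Authenticator value zeroed (RFC 2869 5.14)
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def parse_access_request(pkt, secret):
    """RADIUS server side: verify integrity first, then recover the credentials."""
    _code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad length field")
    auth, attrs, pos, zeroed = pkt[4:20], {}, 20, bytearray(pkt[:length])
    while pos + 2 <= length:
        typ, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[typ] = pkt[pos + 2:pos + alen]
        if typ == 80:
            zeroed[pos + 2:pos + alen] = bytes(alen - 2)
        pos += alen
    mac = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if not hmac.compare_digest(mac, attrs.get(80, b"")):
        raise ValueError("bad or missing Message-Authenticator")
    return attrs[1].decode(), reveal_password(attrs[2], secret, auth).decode()
```

The password hiding rests only on MD5 and the shared secret, so the secret configured on the gateway and on the RADIUS server should be long and random, and the RADIUS traffic kept on a trusted network segment.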