Configuring Check Point VPN for PingID multi-factor authentication

Configuring Check Point VPN for PingID multi-factor authentication - PingID

PingID Administration Guide

bundle

pingid

ft:publication_title

PingID Administration Guide

Product_Version_ce

PingID

Prerequisites

You have installed Check Point VPN, including Check Point SmartConsole and SmartDomain Manager.
You have configured the necessary settings in PingOne and PingFederate. For more information, see:
- Configuring PingOne for Multi-Factor VPN Authentication
- Configuring PingFederate for Multi-Factor VPN Authentication

About this task

The following video describes the Check Point VPN process.

The following image represents a general flow. Actual configuration will vary according to individual company infrastructure considerations and policies.

A flow chart depicting the relationship between Checkpoint VPN, PingFederate, and PingID.

Processing steps

When a user opens their IPSec or SSL VPN login window and enters a user name and password, their details are sent to the RADIUS Server on PingFederate through the VPN.
PingFederate authenticates the user’s credentials against the LDAP Server as first-factor authentication.
After LDAP authentication approval, the RADIUS server initiates second-factor authentication with PingID. If authentication is denied, the user's VPN window displays an error message.