• You have installed Check Point VPN, including Check Point SmartConsole and SmartDomain Manager.
  • You have configured the necessary settings in PingOne and PingFederate. For more information, see:
    • Configuring PingOne for Multi-Factor VPN Authentication
    • Configuring PingFederate for Multi-Factor VPN Authentication

About this task

The following video describes the Check Point VPN process.

The following image represents a general flow. Actual configuration will vary according to individual company infrastructure considerations and policies.

A flow chart depicting the relationship between Checkpoint VPN, PingFederate, and PingID.

Processing steps

  1. When a user opens their IPSec or SSL VPN login window and enters a user name and password, their details are sent to the RADIUS Server on PingFederate through the VPN.
  2. PingFederate authenticates the user’s credentials against the LDAP Server as first-factor authentication.
  3. After LDAP authentication approval, the RADIUS server initiates second-factor authentication with PingID. If authentication is denied, the user's VPN window displays an error message.