06-19-2020 12:55 PM - edited 06-19-2020 12:58 PM
Is it possible to use a Certificate Profile to verify a machine on your GP Gateway, all while using SAML authentication to Azure? SAML to our Azure instance works great for us now, but does the firewall use the certificate profile only as a 'pre-logon' user, or initial challenge, and then still send the user to Azure to complete SAML authentication? We are considering using certificates to verify machines, but still want to use SAML. We have Azure-joined machines and are thinking they have a certificate on them somewhere with a CA we could utilize. We are looking to add device authentication from an Azure joined/trusted machine, and still use SAML for users.
06-25-2020 11:47 AM
Yes, this is perfectly possible. We do this w/ our SAML authentication. If you add a certificate profile under your-GP-portal (or gateway) > Authentication > Certificate Profile, any client that connects to that portal/gateway will need a cert signed by that CA. You can still use SAML authentication for the user. From the documentation:
Certificate Profile: (Optional) Select the Certificate Profile the gateway uses to match those client certificates that come from user endpoints. With a Certificate Profile, the gateway authenticates the user only if the certificate from the client matches this profile. If you set the Allow Authentication with User Credentials OR Client Certificate option to No, you must select a Certificate Profile. If you set the Allow Authentication with User Credentials OR Client Certificate option to Yes, the Certificate Profile is optional. The certificate profile is independent of the OS.