Checkpoint - SSO Configuration

Checkpoint - SSO Configuration

Idea
This documentation has been tested and approved by Kelvin Zero's team
Quote
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Checkpoint using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
Warning
To set up Multi-Pass with Checkpoint, ensure you meet the following requirements:
- MPAS: Admin rights
- Checkpoint: Admin rights
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.

Configuring Checkpoint


  1. From your dashboard, hover over the gear icon in the blue banner and select “Identity and Access.”

  1. In the Identity Providers section, click ”+” to start the SSO configuration process.
  2. In the pop-up, choose a name for the “Integration Title,” select “Generic SAML Server,” and click “Next.”
Depending on your needs, select one of the two integration types. For this documentation, we will follow “Login based on domain verification.”
  1. In “Services Integration,” select the option that best suits your requirements, then click “Next.”


  1. Verify your domain by following the provided instructions. Once you have added your domain (e.g., company.com), click “Next.”
  2. Once in the “Allow Connectivity” section, open MPAS in another window to configure it for Checkpoint.
  3. Copy and paste the “Entity ID,” “Reply URL,” and “User ID” as required.


  1. In MPAS, select the correct deployment, then click “Admin Console.”
  2. In the left column, click “Clients,” then select “Create a Client.”
  3. Fill in the required fields and click “Next.”
    1. Client type = SAML
    2. Client ID = Entity ID from Checkpoint (e5db4fc1-d182-4594-a287-ffd92adb5c36.ca.portal.checkpoint.com)
    3. Name = for example "checkpoint"
    4. Description = for example "SSO integration checkpoint"
    5. Always display in UI = ON
  4. Once completed, additional fields will appear. Fill in the required information:
    1. Home URL = https://ca.auth.kzero.com/realms/<Realm name>/protocol/saml/clients/checkpoint
    2. Valid redirect URIs = Reply URL from Checkpoint (https://cloudinfra-gw.ca.portal.checkpoint.com/api/saml/sso)
    3. IDP-Initiated SSO URL name = checkpoint
    4. Name ID format = email
    5. Force POST binding = ON
    6. Include AuthnStatement = ON
    7. Sign assertions = ON

  1. Click “Save.
  2. At the top of the page, select the “Keys” tab. Ensure both “Signing Keys Config” and “Encryption Keys Config” are turned off.
  3. Go to the “Advanced” tab and copy the Reply URL from Checkpoint into the field labeled “Assertion Consumer Service Redirect Binding URL.”
  1. Now, go to the “Client Scopes” tab.
  2. Click on the first line, then select “Add Mapper.”
  3. Choose “By Configuration.”
  1. Select “User Attribute” and fill in the required fields:
    1. Name = User Id
    2. User attribute = Username
    3. SAML Attribute Name = based on Checkpoint (urn:mace:dir:attribute-def:userId)
  2. Click “Save.”



  1. MPAS is almost fully configured. Now, you need to retrieve the metadata file for Checkpoint.
  2. In the left column, click “Realm Settings.”
  3. Scroll down and click “SAML 2.0 Identity Provider Metadata.”
  4. A new window will open. Right-click on the first line and save it as an XML file.
  5. Go back to Checkpoint and click “Next.”
  6. In the “Configure and Test” section, click “Select File,” then upload the XML file you just saved.
  7. Click “Run Test.”
  1. The configuration was successful. Click “Apply.”

    • Related Articles

    • Datadog - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Datadog using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • Odoo - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Odoo using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • Addigy - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • Auvik - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Auvik using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • HaloPSA - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for HaloPSA using MPAS. SSO simplifies user authentication by allowing access to multiple ...