Configure Check Point optional settings

Check Point supports two optional settings. Client IP Reporting and Groups response.

Configure Client IP Reporting

To configure Okta to be able to parse, report on, and eventually enforce policy based on the source client IP address, you need to configure the Check Point (RADIUS) app in Okta as follows:

Enter the following Advanced RADIUS Settings in the Client IP section of the Sign On tab for the Radius app in your Okta Admin Console:

  • Select the Report client IP checkbox.
  • Select 66 Tunnel-Client-Endpoint as the RADIUS end user IP attribute.

Configure Groups Response

Check Point can use group information from Okta to make advanced assignment and policy decisions.
To configure Okta to send RADIUS group information to Check Point:

Enter the following settings in Advanced RADIUS Settings section of the Sign On tab for the Radius app in your Okta Admin Console.

For example:

  1. Select Application > Applications and select the application by clicking its name.
  2. Select the Sign On tab.
  3. In the Advanced RADIUS section click Edit.
  4. Check Include groups in RADIUS response.
  5. Configure the remaining fields as:
    • RADIUS Attribute: 25 Class
    • Group memberships to return Select Groups to Return
    • Response format: Repeating attributes
    • Group name format: ${group.name}
  6. Click Save.