The following list describes the current limitations in the latest version of the CloudGuard SaaS Identity Protection module:
Update May 2020: CloudGuard SaaS can now be configured as a custom authentication factor in Azure Active Directory. This means that support for Azure AD in CGS Identity Protection is no longer limited (including with Office 365 applications).
A) The Identity Protection plugin for connectivity with an Identity Provider is supported only for Microsoft AD FS. All other Identity Providers (e.g. Azure AD, Ping, etc.) can be supported via the CloudGuard SaaS Authentication Service. Other Identity Providers that use SAML 2.0 are supported, even if they are not listed in the "Add Identity Provider" wizard under Identity Protection Configuration. We advise users to contact Check Point personnel before configuring an Identity Provider that is not listed in the wizard.
B) Google Identity Platform cannot be configured as Identity Provider for use with Google Apps (Google Identity Platform is supported with any other SaaS applications).
C) For the configuration of Azure Active Directory with Azure AD Custom Controls:
a. An Azure Active Directory Premium subscription (P1 or P2) is required.
b. It is not possible to define Identity Protection policy rules per SaaS application. Policy rules will apply to all applications configured in Azure AD to use the Check Point Custom Control.
D) The ID-Guard agent for PC is currently supported only on the Windows operating system. We do not support Mac OS or Linux-based ID-Guard agents.
E) The Mobile ID-Guard agent is supported on:
- iOS: 8.x, 9.x, 10.x, 11.x
- Android: 4.x, 5.x, 6.x, 7.x, 8.x
F) Outlook clients below 2013 are not supported due to a Microsoft limitation related to Modern Authentication support. Additionally, any mail client that is not compatible with Modern Authentication is not supported (known clients with this limitation are the Samsung native email app (Samsung Email) and the MacOS mail app). More information can be found here.
G) We have no strict requirements for the type of license you must hold with the Identity Provider in order for our Identity Protection to work. All license levels are supported.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.