Support Center > Search Results > SecureKnowledge Details
Adding users in Harmony Connect by email or with an Identity Provider Technical Level


Check Point Harmony Connect provides secure access for branch offices and for remote users.
You can add remote users if you navigate to the Assets > Users & Devices menu.
There are two ways to connect remote users:
  • by email
  • with an Identity Provider

For wide deployment, we also recommend to read sk172550 Harmony Connect App Best Practices for Wide Deployment


Add users by Email Identity Provider
Availability level Beta General Availability
Maximum number of users
  • For secure Internet access - unlimited
  • For secure Remote access - unlimited
  • For secure Application access - 50
Prerequisite None Navigate to Settings > Identity Provider to add an identity provider
Password requirement
  • For secure Internet access - without a password. The app contains a one-time activation token.
  • For secure corporate access - the end user generates a password
Single sign-on (SSO)
All on-boaded end users are automatically available for selection at the access control policy No Yes for Azure AD, Okta and PingID. For more, see admin guide
Admin can create user objects manually and select them at the security policy Yes For secure Internet access - yes
For secure corporate access - no
Admin can define custom user group objects and select them at the security policy For secure Internet access - no
For secure corporate access - yes
For secure Internet access - yes
For secure corporate access - no
Secure Internet Access
Installation initiator End user Administrator or the end user
App installer distribution By email to each end user Available to download from Assets > Users & Devices
Installer file Unique per end user Single installer file for all users
Method of end user identification The end user one-time token is part of the app installer During the first-time activation, the app automatically identifies the end user. See sk172550
Installer time validity After 5 days from the invite if the installer won't be executed then the agent won't pass the 'registration stage'

Link wise it would be downloadable and executable, yet without the registration stage it won't be valid for usage
Not relevant; since the generic installer is not sent by email nor is user/tenant specific. 

Add users by email

Add users with an Identity Provider


Known Limitations

  • AzureAD sync in Application Access (stand-alone product) is limited to importing users with 150 groups or less. 
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document