Background

Check Point Harmony Connect provides secure access for branch offices and for remote users.
You can add remote users if you navigate to the Assets > Users & Devices menu.
There are two ways to connect remote users:

• by email
• with an Identity Provider

For wide deployment, we also recommend to read sk172550 Harmony Connect App Best Practices for Wide Deployment

Comparison

Add users by	Email	Identity Provider
Availability level	Beta	General Availability
Maximum number of users	For secure Internet access - unlimited For secure Remote access - unlimited For secure Application access - 50	Unlimited
Prerequisite	None	Navigate to Settings > Identity Provider to add an identity provider
Password requirement	For secure Internet access - without a password. The app contains a one-time activation token. For secure corporate access - the end user generates a password	Single sign-on (SSO)
All on-boaded end users are automatically available for selection at the access control policy	No	Yes for Azure AD, Okta and PingID. For more, see admin guide
Admin can create user objects manually and select them at the security policy	Yes	For secure Internet access - yes For secure corporate access - no
Admin can define custom user group objects and select them at the security policy	For secure Internet access - no For secure corporate access - yes	For secure Internet access - yes For secure corporate access - no
Secure Internet Access
Installation initiator	End user	Administrator or the end user
App installer distribution	By email to each end user	Available to download from Assets > Users & Devices
Installer file	Unique per end user	Single installer file for all users
Method of end user identification	The end user one-time token is part of the app installer	During the first-time activation, the app automatically identifies the end user. See sk172550
Installer time validity	After 5 days from the invite if the installer won't be executed then the agent won't pass the 'registration stage' Link wise it would be downloadable and executable, yet without the registration stage it won't be valid for usage	Not relevant; since the generic installer is not sent by email nor is user/tenant specific.

Add users by email

Add users with an Identity Provider

 

Known Limitations

• AzureAD sync in Application Access (stand-alone product) is limited to importing users with 150 groups or less. 

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.