Technical Tip: Limitations of User-Level Policy Assignment in FortiSASE with RADIUS and SAML Authentication
Description
This article describes the limitations of FortiSASE when using RADIUS or SAML authentication, where only user groups are visible in the portal. As a result, administrators cannot create user-specific profiles or firewall policies, unlike with LDAP authentication, which supports individual user visibility and control.
Scope
FortiSASE.
Solution
- Requirement identified: ability to create individual users in FortiSASE, similar to LDAP users or local users, when using RADIUS or SAML authentication.
- Current limitation: individual user creation is not supported with RADIUS or SAML; only group-based policies are possible.

- Known constraint: LDAP authentication does not function with IPsec VPN, although it works with SSL VPN.
- Future consideration: LDAP support for IPsec VPN (IKEv2) may be introduced in a future release.
