Best ZTNA authentication

Forum|Forum|5 months ago
December 10, 2025
1 reply
157 views

Which tags would be best if we have users with FortiClient + EMS that connect to our datacenter to our RDS cluster(s)?

What is the best way to authenticate them? SAML SSO? Ztna tags? Certificate based?

FortiGate

AEK

SuperUser

The certificate authentication is already included for registered clients.
In addition ZTNA tags is also good to identify AD group and to filter accordingly.
And if you want SSO and your target apps supports it then you can use SAML in addition.

As conclusion you can you can combine all of the above: The 1st for host authentication (cannot be removed). The 2nd to filter according to user/group identification. And the 3rd for SSO.

AEK

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded