robinh007
Explorer III
June 25, 2025
Question

Centralized LDAP-Based Authentication for macOS native VPN Clients

Hi,

Is it possible to set up FortiGate to authenticate macOS native IPsec VPN clients through Active Directory, without requiring the Macs to be joined to the domain?

Our goal is to remove local user accounts from FortiGate and transition macOS users to centralized authentication using LDAP, just like we do for Windows users.

FortiGate 

3 replies

Stephen_G
Moderator
June 27, 2025

Hello robinh007,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

If anyone else has any knowledge in this area - please feel free to contribute!

Thanks,

Stephen_G - Fortinet Community Team
Stephen_G
Moderator
July 1, 2025

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

In the meantime, if anyone else has any advice to contribute, please feel free to do so!

Thanks,

Stephen_G - Fortinet Community Team
Yurisk
SuperUser
July 2, 2025

Hi, I don't see why it would not work - authentication is happening between the FortiGate and the LDAP server, FortiClient (FC) (macOS or not) just gets a reply from the FGT - authenticated or not, FC is not aware of the backend authentication method. Provided you are trying to authenticate against Windows LDAP.

This should work: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Remote-Access-IPSEC-VPN-with-LDAP-authentication/ta-p/343237