Configure Fortigate SSL VPN to use Azure AD as SAML

Hey,

you might want to detail what "all the steps" you have followed. You are using FGT as a SAML SP, and Azure as SAML IdP? Which FortiOS version do have there?

Best regards,

Markus

im excited to hear the the fortigate does support saml, i have to update my firmware, because this feature seems not to be available in 6.47.

However i did achieve the integration over radius with the NPS Plugin for Azure AD MFA.

It should support. One of our customers on our FGT with 6.2.10 just tested SAML last week and worked fine without much debugging. They currently uses NPS RADIUS proxy path probably backed by the same Azure AD and wanted to migrate to SAML. Since many of users currently have much older than FortiClient VPN 6.4, they need to upgrade them to be able to use SAML method for their SSL VPN.

Toshi

To clarify Toshi's statement above:

Web-based SSLVPN supports SAML from 6.2; tunnel-based works with FortiGate 6.2, but requires at least FortiClient 6.4.

Regarding FortiGate 6.4 not supporting SAML - it does, but most of the configuration is CLI only; you won't find anything in GUI until after you have configured at least the SAML server entry in CLI.