Remsondu1
Explorer III
June 21, 2025
Question

Configure Fortinet ZTNA Application Gateway with SAML and MFA using FortiAuthenticator


In this hands-on tutorial, you'll learn how to configure Fortinet’s ZTNA Application Gateway with SAML-based authentication and Multi-Factor Authentication (MFA) using FortiAuthenticator.

🚀 What you'll learn:
- Step-by-step setup of ZTNA Application Gateway on FortiGate
- Integration of FortiAuthenticator as a SAML Identity Provider
- Enabling MFA for secure remote access
- Creating secure access policies for remote users
- Testing and troubleshooting authentication flows

https://youtu.be/zngSdBCOPyY

 

1 reply

Durga_Ashwath
Staff
June 28, 2025

Hi Team,

To configure a Fortinet ZTNA application gateway with SAML and MFA using FortiAuthenticator, follow these steps:

1. Set Up FortiAuthenticator as SAML IdP:
- Access the FortiAuthenticator management interface.
- Navigate to the SAML IdP settings and configure the necessary parameters to act as the Identity Provider (IdP).

2. Configure SAML Authentication on FortiGate:
- Log in to the FortiGate management interface.
- Go to the ZTNA configuration section and select the application gateway settings.
- Enable SAML authentication and input the IdP details from FortiAuthenticator.

3. Enable Multi-Factor Authentication (MFA):
- On FortiAuthenticator, ensure that MFA is enabled for the user accounts that will be accessing the ZTNA resources.
- Configure the MFA settings, such as FortiToken, to be used during the authentication process.

4. Connect FortiGate to FortiAuthenticator:
- Ensure that the FortiGate EMS fabric connector is successfully connected to FortiAuthenticator.
- Verify the connection and ensure that the FortiGate can communicate with FortiAuthenticator for authentication requests.

5. Test the Configuration:
- Attempt to access the ZTNA-protected resources using a remote user account.
- Ensure that the user is prompted for SAML authentication and MFA verification.
- Verify that access is granted only after successful authentication and MFA verification.

Please refer to the articles below:
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/259754/ztna-application-gateway-with-saml-and-mfa-using-fortiauthenticator-example
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/751123/ztna-configuration-examples
https://community.fortinet.com/t5/Support-Forum/ZTNA-with-2FA/td-p/215662
https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/461532/ztna-application-gateway-with-saml-authentication-example

Thank you.

Regards,
Durga A