cyberexplorer
New Member
January 8, 2024
Question

FortiAuthenticator OAUTH - Google Workspace not working

  • January 8, 2024
  • 3 replies
  • 2615 views

Hello team,

I have been trying to configure FortiAuthenticator as an IDP proxy for Google Workspace for a few days now. Unfortunately, Fortinet only has full documentation on how to do it with Azure, and only half the documentation for Google Workspace.

I am stuck at the point where, when I configure my service account in GCP following this procedure (https://support.google.com/a/answer/7040511?hl=en&ref_topic=4498019&sjid=3081473869943439631-NA#step1&step2&step3&step4&step5&&zippy=%2Cstep-create-a-project%2Cstep-turn-on-the-apis-for-the-service-account%2Cstep-set-up-the-oauth-consent-screen%2Cstep-create-the-service-account%2Cstep-authorize-your-client-id-in-the-admin-console), the SAML groups don't synchronise from Google Workspace to FortiAuthenticator. Does anyone here have a procedure or documents, or know how to make OAuth work between FortiAuthenticator and Google Workspace?


3 replies

rbraha
Staff
January 8, 2024

Hi @cyberexplorer

Please refer to the documentation below regarding configuration of the FAC side as SAML IDP with Google Workspace:


https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/333771/saml-idp-proxy-for-google-workspace

cyberexplorer
New Member
January 8, 2024

Hello @rbraha,

I have been following this doc for the last 2 days. This doc is OK for FortiAuthenticator, but it does not help me with the Google Workspace side. The doc does not show how to configure things (SAML, OAuth, service account, attribute mapping) on the Google Workspace side.


Do you have any doc on that?

rbraha
Staff
January 10, 2024

Hi @cyberexplorer 

Please check with Google support whether they can provide some documentation about this configuration.

AndryanVT
Visitor III
March 19, 2024

Hello,

Have you had any success with this?

I faced the same problem, with no guidance on the service account creation on Google that satisfies the FortiAuthenticator requirement.


Thanks

cyberexplorer
New Member
March 23, 2024

Yes, it is working now; I found the solution.

You need to connect your FortiAuthenticator with LDAPS to Google Workspace; from there you can sync all your identities. https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/442690/google-workspace-integration-using-ldap

Once you have that, you need to configure Workspace as an SP to your FAC, which will be the IDP. https://www.ultraviolet.network/post/configuration-guide-fortiauthenticator-as-google-workspace-saml-idp


From there you can inject your FortiTokens.