Skip to main content
Janfi
Janfi
Explorer
November 4, 2024
Question

Forticlient - SAML - 2FA

  • November 4, 2024
  • 1 reply
  • 1326 views

Hello,

 

I’d like to seek some advice. I currently have a functioning VPN with 2FA through the Azure app. The VPN operates normally, and authorization goes through without issues. However, I’m facing a problem when the Microsoft window “Remember this sign-in” appears after logging in. If we select YES, the VPN closes and displays “inactive VPN.” When we log in again and choose NO, the VPN connects successfully. Sometimes it happens the other way around: when we click YES to remember the sign-in, the VPN becomes inactive, and we have to select NO. It seems like a cookie issue because when I clear the cookies from the browser history, the login works perfectly right away. Has anyone else encountered this issue? It seems like it would be helpful to bypass the browser's use of cookies altogether. Theoretically, that could work, but I’m not sure how to achieve that. I’d also like to clarify that I’m using FortiClient version 7.4.0.1658 and have Microsoft Edge set as my default browser. Also we don't have EMS.

 

Best regards,

Jan

1 reply

aleguizamon
Staff
aleguizamon
Staff
November 5, 2024

Hello,

It does sound like you’re right about this being a cookie-related issue, which could be impacting how Microsoft Edge interacts with FortiClient’s VPN authentication.

- Have you tried using a different browser temporarily? Sometimes, a change in browsers can help avoid issues related to session persistence and cookie handling.

Another approach could be to disable the “Remember this sign-in” prompt in Azure AD, this might be helpful:
Manage the 'Stay signed in' prompt in Microsoft Entra ID - Microsoft Entra | Microsoft Learn



    Janfi
    JanfiAuthor
    Explorer
    November 5, 2024

    Hello,

    We'll probably try your second suggestion. It looks like something that might help us. But it will affect many other things.

    Going the other browser route is not really possible. We have a lot of users and that is not a good way to go. 

     

    Thank you for the azure tip.

     

    Best regards,

    Jan

    Terms & ConditionsAccessibility statement