Skip to main content
edwina
edwina
New Member
September 4, 2025
Question

Forticlient VPN IOS (Free) -> check for compiant device?

  • September 4, 2025
  • 1 reply
  • 432 views

I have conditional access policies requiring compliant devices when connecting to Fortigate SAML SSL VPN.

I'm trying to connect my Intune registered and compliant iPhone to Fortigate SSL VPN via the free IOS client. I get a message stating the device isn't compliant and needs to register.

Does anyone have a working setup with Azure compliance or is this not supported in the free (IOS) version? On Windows it works like a charm. Can't find anything in the documents. Note i'm talking about Azure Compliance, not the Fortinet host check.

1 reply

btan
Staff & Editor
btan
Staff & Editor
September 8, 2025

Hi edwina,

 

In your working Windows scenario, I believe you enabled [Use External Browser as user-agent for saml user authentication] right? https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implementing-device-based-Conditional-Access/ta-p/267878

To my knowledge, both Android and iOS FCT does not support external browser for auth yet, so if there is 'Compliant' Conditional Access Policy enabled on Entra ID side, mobile FCT is unable to connect to it. It is currently a limitation, even on paid FortiClient version.

    Terms & ConditionsAccessibility statement