Minindu-HayleysFIT
New Member
March 13, 2026
Question

FortiGate SAML Authentication Not Redirecting When Accessing Microsoft Services

We are configuring SAML authentication on our FortiGate firewall to authenticate users before applying internet access policies.

Our requirement is:

  1. The first firewall policy should only trigger SAML authentication.

  2. After successful authentication, no services should be accessible through this rule.

  3. Once authenticated, subsequent policies should apply access rules for the authenticated user/group.

To achieve this, we created an authentication-only policy with the following configuration:

  • Source: all

  • Destination: Internet Services

  • Internet Services used:

    • Microsoft-Azure

    • Microsoft-Azure.Front.Door

    • Microsoft-Office365.Published

After applying this configuration, SAML authentication works correctly when the authentication process is triggered.

However, we are facing the following issue:

  • When users open a browser and try to access Microsoft-related services (for example: office.com, outlook.com, etc.), the SAML authentication page does not appear.

  • The browser waits for some time and eventually the webpage loads as a blank page.

  • At this stage:

    • The SAML login prompt never appears.

    • The user remains unauthenticated.

    • The user cannot access any services.

Expected Behavior

When a user tries to access Microsoft services or any internet resource, the FortiGate should redirect the user to the SAML authentication portal, and after successful authentication, the appropriate firewall policies should be applied.

Actual Behavior

The SAML authentication page is not triggered, resulting in a blank page and no connectivity for the user.

1 reply

Minindu-HayleysFIT
New Member
March 16, 2026

Hello sisrayilov,

Thank you for your reply and the documentation.

I have already followed those guides, and our SAML configuration is working. However, we are facing a specific issue with the redirection logic.

We created an authentication-only policy at the top of our list to trigger the SAML login. The problem is that when users try to access Microsoft services (like office.com or outlook.com), the browser stays on a blank page and the SAML login prompt never appears.

It seems like the FortiGate is blocking the traffic to the Identity Provider (Entra ID) because the user is not yet authenticated, creating a loop.

Could you please advise if we need to create a specific bypass policy for Entra ID login URLs (like login.microsoftonline.com) so the redirection can complete? Or is there a specific setting in FortiOS 7.6 to handle Microsoft Service redirections before authentication?

Thank you for your help!
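As an added example that is not part of the thread or of Fortinet's documentation, the FortiOS CLI below shows the policy ordering the reply asks about: a captive-portal-exempt policy for the Entra ID login endpoint placed above the authentication-only policy described in the question. The interface names, the address object `Entra-ID-login`, the group `SAML-Users` and the policy names are assumptions; lines starting with `#` are annotations, not CLI input.

```text
# Added example, not from the post. Only the Internet Service names come from
# the question; interface, address, group and policy names are assumed.
config firewall address
    edit "Entra-ID-login"
        set type fqdn
        set fqdn "login.microsoftonline.com"
        set comment "IdP endpoint named in the thread (FQDN object is assumed)"
    next
end

config firewall policy
    # Policy 1: lets an unauthenticated client reach the IdP so the SAML
    # redirect can complete. It must sit ABOVE the authentication policy,
    # otherwise the IdP traffic itself hits the captive portal (the loop
    # described in the reply).
    edit 1
        set name "Allow-IdP-before-auth"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "Entra-ID-login"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set captive-portal-exempt enable
        set nat enable
    next
    # Policy 2: the authentication-only policy from the question. Traffic
    # to the listed Internet Services from a user not yet in a group
    # triggers the captive portal and the SAML redirect.
    edit 2
        set name "SAML-auth-only"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set internet-service enable
        set internet-service-name "Microsoft-Azure" "Microsoft-Azure.Front.Door" "Microsoft-Office365.Published"
        set action accept
        set schedule "always"
        set groups "SAML-Users"
        set nat enable
    next
end
```

Clients also need DNS before authentication, or they cannot resolve the IdP name at all and the exempt policy never matches.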