Skip to main content
Flamby
Flamby
New Member
July 16, 2025
Question

FortiSASE for Contractors (Agentless ZTNA)

  • July 16, 2025
  • 1 reply
  • 1715 views

Hello,

I'm about to configure Agentless access to private applications through FortiSASE for contractors, however, I read that it's required to Enable SSO authentication for SWG users, which needs an integration with user database such as Azure AD, without that Agenteless ZTNA cannot be configured (as I understand it right now).

I already enabled SWG, created the SWG policies required, and have a local user group created, but this SWG SSO authentication is making things though.

Is there any way to bypass this and use only the local database (fortisase database, coupled with MFA, why not). Or it works just like that and there is now way to do it differently ?

 

Thank you in advance

1 reply

sharmar
Staff & Editor
sharmar
Staff & Editor
July 16, 2025

Hello @Flamby

I believe its not possible with local user, however you can  use the Radius or LDAP auth with SWG. 

This 4D doc for SWG would be helpful for you :   https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/260f235d-c520-11ee-8c42-fa163e15d75b/FortiSASE-24.1-SIA_Agentless_SWG_Deployment_Guide.pdf

Flamby
FlambyAuthor
New Member
July 17, 2025

Hello @sharmar 

Thanks for your reply,

so in case we don't have any LDAP, there is no other solution to make contractors work without impacting their computers ? I mean, I see only one solution, is installing the agent on their computers like a regular SSL vpn. 

sharmar
Staff & Editor
sharmar
Staff & Editor
July 17, 2025

Hello @Flamby 

 

That seems to be the feasible solution 

Terms & ConditionsAccessibility statement