heman7
New Member
May 22, 2025
Question

IKEv2 with SAML and 3 different Entra tenants

  • May 22, 2025
  • 1 reply
  • 480 views

Hi Guys,

I'm very frustrated about the shift to IPsec.

IPsec over TCP isn't really ready in 7.4, LDAP auth only works with EAP-TTLS, which means a bad config in FortiClient, etc.
And now I'm standing in front of my next problem.

I have 3 Entra tenants, and all 3 should use SAML for IPsec. In SSL VPN I would configure realms, but what is the way with IPsec? In my understanding I can only configure one SAML port on my WAN interface, but for 3 tenants I would have to use 3 different SAML ports for 3 applications.

Any ideas or am I wrong?

By the way, how do you deploy IKEv2 with LDAP in FortiClient?

1 reply

fabs-net
Explorer III
May 22, 2025

Hi, I have not yet implemented such a requirement as I have only ever used SAML with one IdP - but the following FAC feature could possibly be a solution for you?

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/07519fff-c6d3-11ef-9411-ae1fcf29f169/FortiSASE-24.4-SAML%C2%A0SSO_Using_FortiTrust_as_IdP_Proxy_Deployment_Guide.pdf


The FAC can be set up as a SAML proxy in order to connect several IdPs behind it.


P.S.: Unfortunately, I have not yet managed the shift to IPsec satisfactorily to replace SSL VPN with a clear conscience.


KR Fabian

Every packet has a journey.