New Member

Question

Multiple Azure AD environments and the use of SAML

Forum|Forum|3 years ago
October 27, 2022
3 replies
5287 views

Is it possible to use the Single Sign On option with SAML for different Azure AD tenants?

FortiGate

Anthony_E

Staff

Hello aproost,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Best Regards

Anthony_E

Staff

Hello,

This document just appears:

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial

Could you please tell me if it helps?

Regards,

Best Regards

aproostAuthor

New Member

Our idea is that we have two or more SAML SSO (Azure AD) in one Fortigate.

One SAML SSO is working well. But can you create two or more in one device?

We have A Fortigate in our DC and, multiple companies are using Forticlient now. But we wanna use the Azure AD SAML option. So there will be multiple SSO SAML in the Fortigate.

Debbie_FTNT

Staff & Editor

Hey aproost,

have a look at this KB; this seems to roughly be what you're looking for?

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-with-SAML-authentication-with-multiple-iDP/ta-p/202364

Another KB that explains SSLVPN realms and SAML authentication in greater detail (but is with only one IDP):
https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/3992

As an alternative, if you're going to have multiple companies pass traffic through one FortiGate, you could consider VDOMs, and do VPN and SAML auth on a per-vdom basis.

Maerre

Explorer III

Hi @Debbie_FTNT ,

so if i have 3 vdoms, i can setup the 1st vdom to use azure MFA, the 2nd vdom to use fortiauthenticator and the 3rd vdom to use only local authentication??

I can decide how to autheticate based on a per-vdom basis?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded