Skip to main content
AMINE-GHEZALI
AMINE-GHEZALI
New Member
December 1, 2025
Question

SAML between FORTIGATE 400F FORTIAUTHENTICATOR AND FORTIPAM 1.5

  • December 1, 2025
  • 2 replies
  • 239 views

Hi support, 

 

am currently preparing the deployment of FortiPAM for SSL VPN access. Today, users authenticate with username + password + a token generated by FortiAuthenticator. FortiPAM is also integrated with the FortiAuthenticator.

My question is: how can I change the configuration so that when a user connects through the SSL VPN (username + password + token), the authentication is redirected to FortiPAM, and once inside FortiPAM, the user is not asked to enter the token again since they are already authenticated through FortiAuthenticator?

 

Br 

2 replies

AEK
SuperUser
AEK
SuperUser
December 2, 2025

Hi Amine

 

For SAML SSO FortiPAM and FortiGate should be configured as SP with FAC as IdP.

 

https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/52061/fortigate-ssl-vpn-with-fortiauthenticator-as-saml-idp

 

https://docs.fortinet.com/document/fortipam/1.7.0/examples/944560/2fa-on-fortipam-for-saml-users-using-fortiauthenticator

 

Hope it helps.

AEK
AMINE-GHEZALI
AMINE-GHEZALIAuthor
New Member
December 11, 2025

Thanks, it works.

Terms & ConditionsAccessibility statement