Jongmun
New Member
June 15, 2025
Solved

SSO with EntraID

  • June 15, 2025
  • 1 reply
  • 709 views

 Hi,

 

 I have a FortiGate 100F with OS 7.4.x.

 I configured SSO with EntraID successfully and login was working.

 

 I have a question.

Q) Can I use more than one Entra ID group for separate VPN portals and policies?

 User A is a member of group A, is assigned portal A, and policy A applies,

 and user B is a member of group B, is assigned portal B, and policy B applies.

 

And I have a problem.

T) The user can log in successfully with Entra ID and gets connected.

But the SSL VPN client didn't receive the internal routing table; only the DMZ routing table was received.

If I add the route manually with 'route -Add xxx -mask...', then it can communicate.

If anyone has a solution for an issue like this, please help me.

 

Thank You.

 

1 reply

sjoshi
Staff
Answer
June 15, 2025

Hi,

 

Yes, you can set up multiple portals and different policies for Entra ID groups using the object ID.

https://docs.fortinet.com/document/fortigate-public-cloud/7.6.0/azure-administration-guide/584456/configuring-saml-sso-login-for-ssl-vpn-with-entra-id-acting-as-saml-idp

 

Regarding the 2nd issue, check the split routing setup.

Thanks, Salon
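
The two points in the answer above, written out as a FortiOS CLI configuration. This is an added example, not part of the original posts or of the linked Fortinet guide. The names `entra-saml`, `vpn-groupA`, `vpn-groupB`, `portalA`, `portalB`, `internal-net`, `dmz-net` and the object ID values are placeholders, and an existing SAML server entry with its group attribute already mapped is assumed.

```fortios
# Added example: every name and object ID here is a placeholder.
# Assumes the SAML server entry "entra-saml" already exists.
config user group
    edit "vpn-groupA"
        set member "entra-saml"
        config match
            edit 1
                set server-name "entra-saml"
                set group-name "<ENTRA-GROUP-A-OBJECT-ID>"
            next
        end
    next
    edit "vpn-groupB"
        set member "entra-saml"
        config match
            edit 1
                set server-name "entra-saml"
                set group-name "<ENTRA-GROUP-B-OBJECT-ID>"
            next
        end
    next
end
# Map each FortiGate group to its own SSL VPN portal.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "vpn-groupA"
            set portal "portalA"
        next
        edit 2
            set groups "vpn-groupB"
            set portal "portalB"
        next
    end
end
# Split tunneling: list every subnet the client should receive a route for.
config vpn ssl web portal
    edit "portalA"
        set split-tunneling enable
        set split-tunneling-routing-address "internal-net" "dmz-net"
    next
end
```

Per-group policy is then applied by referencing `vpn-groupA` or `vpn-groupB` under `set groups` in the corresponding firewall policy.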
Jongmun
Author
New Member
June 16, 2025

 

Thank you for your reply.

 

While checking as you advised, I found something wrong.

 

User A is a member of Entra ID GroupA, and user A logged on OK. Then I removed the membership in Entra ID, so now user A has no VPN permission and he shouldn't be able to log in.
But user A can log on, and user A is a member of the other group in the VPN logon monitoring screen.

User A has no membership in the other group.

Do I need to configure something more in Entra ID or on the FortiGate?

Please help me..