RKWD
New Member
March 2, 2026
Question

Using FortiProxy for machine-to-machine using OIDC and Entra as IdP

  • March 2, 2026
  • 4 replies
  • 260 views

Hi,

We are looking into a solution for machine-to-machine traffic with FortiProxy. We saw that there is an option for OIDC in recent versions of FortiProxy and were wondering if that is something we can use. The IdP we would like to use is Entra ID.


As said, this is machine-to-machine, so no browser popup or user interaction should be required.


Is this setup possible with FortiProxy?

4 replies

Stephen_G
Moderator
March 4, 2026

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


If anybody else has any info or advice, please feel free to contribute!

Regards,
Stephen_G - Fortinet Community Team
Stephen_G
Moderator
March 6, 2026

Hello,


We are still looking for an answer to your question.


We will come back to you ASAP.

Stephen_G - Fortinet Community Team
ojacinto
Staff
March 10, 2026

Hi,

Can you elaborate a little more on this request, please?
With OIDC-based authentication on FortiProxy, the FortiProxy unit redirects unauthenticated users to the IdP (such as Azure Active Directory, Okta, Google, or other OIDC-compliant providers) for authentication. After the user is verified by the IdP, the user is redirected back to the FortiProxy with an ID token and possibly additional tokens in a JSON-based format. These tokens carry essential information about the user's identity, group memberships, and authorization claims.

https://docs.fortinet.com/document/fortiproxy/7.6.4/administration-guide/444161/oidc 


As you mentioned that "no browser popup or user interaction should be required", what do you want to apply to this traffic?


Regards


RKWD (Author)
New Member
March 10, 2026

Hi, this is a managed Databricks environment with multiple tenants, and some of them are shared tenants. Currently we whitelist internet access on the FortiGate and this works fine, but we want more granular control. Since there are shared tenants we cannot distinguish on subnet or something like that, so the only thing I can think of is using some form of authentication to distinguish who is trying to reach a specific destination. After authentication we want to whitelist a set of URLs, and for other 'users' this might be a different set of URLs.


I have put users between quotes because it is not an actual user but more a system with a set of credentials (token or something).


The requests would be initiated by, I believe, Python scripts or some other similar scripting language perhaps.


I hope this clarifies the requirements a bit.
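The following is an added example, not code from the original thread or from Fortinet. It illustrates two things the posts above discuss: what an OIDC ID token carries (identity, group memberships and other claims, as ojacinto describes) and how those group claims could be mapped to a different URL allowlist per 'user', as RKWD wants for the shared tenants. Everything in it is constructed: the token is minted locally and signed with HS256 and a throwaway secret so the script runs offline, whereas real Entra ID tokens are RS256-signed and must be verified against the tenant's published JWKS; the issuer, client ID, group IDs and allowlist are placeholders. It does not show how a script would obtain such a token without the browser redirect, which is the open question in the thread.

```python
"""Verify an OIDC ID token and map its group claims to a per-tenant URL allowlist.

Constructed, self-contained example. The token is minted here with HS256 and a
local secret so the script runs offline; real Entra ID tokens are RS256-signed
and would be verified against the tenant's JWKS instead (assumption).
"""
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlsplit

# Hypothetical secret used only to sign the constructed sample token.
SAMPLE_SECRET = b"example-signing-secret-not-for-production"
# Placeholder issuer (tenant ID is all zeros) and hypothetical client_id.
EXPECTED_ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
EXPECTED_AUDIENCE = "fortiproxy-client-id"

# Hypothetical policy: Entra group identifier -> URL prefixes that group may reach.
GROUP_ALLOWLIST = {
    "grp-tenant-a": ["https://pypi.org/", "https://files.pythonhosted.org/"],
    "grp-tenant-b": ["https://api.github.com/"],
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_sample_token(sub: str, groups: list, exp_offset: int = 300) -> str:
    """Build a constructed HS256 ID token carrying identity and group claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    now = int(time.time())
    payload = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": sub,
               "iat": now, "exp": now + exp_offset, "groups": groups}
    signing_input = ".".join(
        _b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    sig = hmac.new(SAMPLE_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_token(token: str, now: int = None) -> dict:
    """Check alg, signature, issuer, audience and expiry; return the claims.

    The alg is pinned before the signature is checked so an 'alg: none' or
    algorithm-confusion token is rejected rather than accepted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(SAMPLE_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise ValueError("wrong audience")
    now = int(time.time()) if now is None else now
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def url_allowed(claims: dict, url: str) -> bool:
    """Allow the URL if any group in the token maps to a matching prefix.

    Scheme and host are compared exactly and only the path is a prefix match,
    so 'https://pypi.org.evil.example/' does not match 'https://pypi.org/'."""
    target = urlsplit(url)
    target_path = target.path or "/"
    for group in claims.get("groups", []):
        for prefix in GROUP_ALLOWLIST.get(group, []):
            allowed = urlsplit(prefix)
            if (target.scheme, target.netloc) == (allowed.scheme, allowed.netloc) \
                    and target_path.startswith(allowed.path):
                return True
    return False


def decide(token: str, url: str, now: int = None) -> str:
    """Return 'allow', 'deny', or 'reject:<reason>' for a token/URL pair."""
    try:
        claims = verify_token(token, now)
    except ValueError as err:
        return f"reject:{err}"
    return "allow" if url_allowed(claims, url) else "deny"


if __name__ == "__main__":
    tok = mint_sample_token("sp-tenant-a", ["grp-tenant-a"])
    for u in ("https://pypi.org/simple/requests/", "https://api.github.com/repos",
              "https://pypi.org.evil.example/"):
        print(u, decide(tok, u))
```

The policy lookup keys on the `groups` claim rather than on `sub`, so a shared tenant's workload identity only needs to be placed in the right group to pick up its URL set; the expiry, issuer and audience checks are what stop a token minted for another application, or a stale one, from being accepted.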