Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
aliyavuzer
Staff
Staff

Created on ‎04-29-2024 02:59 AM

Article Id 312061

Technical Tip: Configuring user verification with ADFS authentication

Description This article describes how to configure user verification with ADFS SAML authentication.
Scope FortiClient, EMS.
Solution

EMS Configuration:

  1. For creating a new SAML Configuration Navigate to EMS -> User management -> Saml Configuration and select the '+ Add' button.
  2. Provide a name.
  3. Select 'Authorization Type' as 'None'.
  4. Hit the Use Current URL.
  5. SP information will be used while configuring ADFS Saml configuration. Now, create the Microsoft ADFS Saml Configuration for EMS.


ems saml config for adfs.png

Microsoft ADFS configuration:

  1. In AD FS Manager, 'right-click' on Relying Party Trust and select Add Relying Party Trust.


Picture1.png

 

  1. On the Welcome page, select Claims Aware and select Start.


Picture2.png

 

  1. On the Select Data Source page, select Enter data about the relying party manually and select Next.


Picture3.png

 

  1. On the Specify Display Name page, type a name in Display name under Notes type a description for this relying party trust, and then select Next.


Picture4.png

  1. On the Configure Certificate page, select Next to skip the configuration.


Picture5.png

 

  1. On the Configure URL page, select Enable support for the SAML 2.0 Web SSO protocol and enter the single sign-on URL that can be gathered from EMS -> User Management -> SAML Configuration window. (SP ACS (login) URL ).


Picture6.png

 

  1. On the Configure Identifiers page, enter the SP entity ID from the EMS Saml configuration window.


Picture7.png 

  1. On the Choose Access Control Policy page, select a policy and select Next


Picture8.png

  1. On the Ready to Add Trust page, review the settings and select Next to save the relying party trust information.


Picture9.png

 

  1. On the Finish page, select Close. This action automatically displays the Edit Claim Rules dialog box. Select Add Rule.


Picture10.png

 

  1. Enter the Claim rule name, select Active Directory under Attribute store, add mapping of LDAP attributes for Name and Name ID, and select OK.


Picture11.png
Configure the Claims rule as below:


Picture12.png
Select Finish and complete the configuration:

  • Navigate under AD FS -> Service -> Certificates and export the Token-signing certificate with Base-64 format.


adfs-signing-cert.png
Turn back to the EMS Saml Configuration window:

  1. Configure IDP settings based on the ADFS IP/FQDN information.
  2. Browse the signing certificate that was downloaded at the previous step.
  3. Test and save the settings.


ems-adfs-sp-Settings.png

 

When SAML Configuration is done,  create an invitation code and authorize users from ADFS Saml authentication.
359
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.