Created on 09-19-2023 10:02 PM Edited on 04-24-2024 04:29 AM By Stephen_G
Description
This article describes how to verify users when the cloud and on-premise domains have different names, using the regex.replace() transformation on Azure.
Scope
Fortinet EMS Server. Important: Azure AD integration is only possible starting from EMS version 7.2.1.
Solution
To set up user verification, follow the instructions in these related documents: Configuring user verification with SAML authentication and an Azure AD server user account.
Consider a scenario with a hybrid domain on Azure, where the intention is to use SAML to validate FortiClient users who are already linked to the local domain that is synchronized with Azure AD.
Domain name used locally: @contoso.com
Microsoft Azure domain: @contoso.onmicrosoft.com
The UserPrincipalName attributes will not match. EMS can only read the specific Domain Identification field on Azure.
On the Azure side, open the Enterprise Application and edit the single sign-on settings.
Select the specific field:
Once the edit window opens for the specific attribute, enter:
Transformation: regex.replace()
Regex Pattern: (?'user'^.*?)(?i)(\@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})$
Replacement Pattern: {user}@contoso.com
This replaces the existing domain suffix of the UserPrincipalName, for example:
anil@contoso.onmicrosoft.com -> anil@contoso.com
Next, save the configuration.
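The following Python reproduces the regex.replace() transformation above so the mapping can be checked offline before it is saved in Azure; it is an added example, not part of the original article or of Fortinet's configuration. Azure's .NET syntax ((?'user'...) with the {user} replacement and the mid-pattern (?i) flag) is translated to Python's (?P<user>...) group and re.IGNORECASE; the stricter strict_rewrite_upn variant, which only rewrites the tenant's onmicrosoft.com suffix, is a suggested tightening that the article does not include.

```python
import re

# Python equivalent of the article's regex pattern:
#   (?'user'^.*?)(?i)(\@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})$
# .NET's (?'user'...) becomes (?P<user>...), and the mid-pattern (?i)
# becomes re.IGNORECASE (Python rejects global flags placed mid-pattern).
UPN_PATTERN = re.compile(r"(?P<user>^.*?)(@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})$",
                         re.IGNORECASE)

# Suggested stricter variant (not from the article): only rewrite the
# tenant's own onmicrosoft.com suffix instead of any domain suffix.
STRICT_PATTERN = re.compile(r"(?P<user>^.*?)@contoso\.onmicrosoft\.com$",
                            re.IGNORECASE)

TARGET_DOMAIN = "contoso.com"  # the local domain from the article


def _apply(pattern, upn, target_domain):
    """Emulate the replacement pattern {user}@<target_domain>.

    Returns None when the pattern does not match so that unmatched values
    are visible in this example; this is a simplification for offline
    checking, not a statement about how Azure emits a non-matching claim.
    """
    match = pattern.match(upn)
    if match is None:
        return None
    return f"{match.group('user')}@{target_domain}"


def rewrite_upn(upn, target_domain=TARGET_DOMAIN):
    """The article's transformation: any domain suffix becomes target_domain."""
    return _apply(UPN_PATTERN, upn, target_domain)


def strict_rewrite_upn(upn, target_domain=TARGET_DOMAIN):
    """Tightened transformation: only the onmicrosoft.com suffix is rewritten."""
    return _apply(STRICT_PATTERN, upn, target_domain)


if __name__ == "__main__":
    # Constructed sample UPNs: the article's example plus edge cases.
    samples = [
        "anil@contoso.onmicrosoft.com",  # the article's example
        "Anil@CONTOSO.ONMICROSOFT.COM",  # domain matched case-insensitively
        "anil@partner.example",          # other suffixes are rewritten too
        "anil",                          # no domain part: pattern does not match
    ]
    for upn in samples:
        print(f"{upn} -> {rewrite_upn(upn)} (strict: {strict_rewrite_upn(upn)})")
```

Running the block shows that the article's pattern rewrites every suffix to @contoso.com, while the strict variant leaves UPNs from other domains unmatched.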
Copyright 2024 Fortinet, Inc. All Rights Reserved.