FortiGate
HiralShah
Staff
Article Id 293309
Description This article describes a scenario where an admin cannot find which user is connected to the IPsec dial-up tunnel.
Scope FortiGate, all firmware.
Solution

It is often necessary to know which user has connected to the IPsec dial-up tunnel successfully.

Under VPN -> IPsec Tunnels, '1 dialup connection' is shown, but no username is mentioned.

Select '1 dialup connection' to bring up the IPsec monitor.

Here, the 'XAUTH User' option is unchecked; check it to display the username connected to the dial-up tunnel.

Also, go to Log & Report -> System Events -> VPN Events and check 'XAUTH User' to see the user in the logs.

To see which assigned IP addresses correspond to which connected users, add a 'Firewall Users' widget and open it.

Note:

When using Entra ID SAML authentication with IKEv2 IPsec remote access VPN on FortiGate, user identification is handled through SAML attribute exchange, not via XAUTH. Because the traditional IKEv1/XAUTH process is not used, the 'XAUTH User' field in the VPN monitor or dashboard will remain empty. This is expected behavior for SAML-based authentication workflows in FortiOS 7.4 and later.

With SAML, FortiGate acts as a service provider (SP) and receives the user identity from the SAML response after authentication. However, the identity is not automatically mapped to the XAUTH user field; it is processed separately within the SSL/SSH inspection and logging contexts.
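
The VPN event log check and the user-to-assigned-IP correlation described above can also be done offline against exported logs. The following Python script is an added example, not code from Fortinet or from this article: it replays tunnel-up and tunnel-down events to list who is still connected, and flags tunnels that carry no XAUTH user, which is the SAML case in the note. The sample lines are constructed, and the field names (`subtype`, `action`, `remip`, `xauthuser`, `assignip`, `vpntunnel`) and the `N/A` placeholder are assumptions about the FortiOS key=value log format that should be checked against real logs.

```python
import re

# Constructed sample in FortiOS key=value event-log style; field names are assumptions.
SAMPLE_LOG = """\
date=2024-05-01 time=09:12:03 subtype="vpn" action="tunnel-up" remip=198.51.100.7 xauthuser="alice" assignip=10.10.10.2 vpntunnel="dialup_0"
date=2024-05-01 time=09:15:40 subtype="vpn" action="tunnel-up" remip=203.0.113.9 xauthuser="bob" assignip=10.10.10.3 vpntunnel="dialup_1"
date=2024-05-01 time=09:20:11 subtype="vpn" action="tunnel-up" remip=192.0.2.44 xauthuser="N/A" assignip=10.10.10.4 vpntunnel="saml_0"
date=2024-05-01 time=09:31:02 subtype="vpn" action="tunnel-stats" remip=198.51.100.7 xauthuser="alice" assignip=10.10.10.2 vpntunnel="dialup_0"
date=2024-05-01 time=09:45:27 subtype="vpn" action="tunnel-down" remip=203.0.113.9 xauthuser="bob" assignip=10.10.10.3 vpntunnel="dialup_1"
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
NO_USER = {"", "N/A"}  # values treated as "no XAUTH user recorded" (assumption)


def parse_line(line):
    """Split one key=value log line into a dict, unquoting quoted values."""
    return {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)}


def active_sessions(log_text):
    """Replay VPN events in order; return tunnels still up, keyed by (tunnel, remote IP)."""
    sessions = {}
    for ev in map(parse_line, log_text.splitlines()):
        if ev.get("subtype") != "vpn":
            continue
        key = (ev.get("vpntunnel"), ev.get("remip"))
        if ev.get("action") == "tunnel-up":
            user = ev.get("xauthuser", "")
            sessions[key] = {"user": None if user in NO_USER else user,
                             "assignip": ev.get("assignip")}
        elif ev.get("action") == "tunnel-down":
            sessions.pop(key, None)
    return sessions


def user_for_ip(sessions, ip):
    """Map an assigned tunnel IP to its user; None if unknown or unidentified."""
    return next((s["user"] for s in sessions.values() if s["assignip"] == ip), None)


def unidentified(sessions):
    """Tunnels with no XAUTH user, as the note describes for IKEv2 with SAML."""
    return sorted(k for k, s in sessions.items() if s["user"] is None)


if __name__ == "__main__":
    for (tunnel, remip), s in active_sessions(SAMPLE_LOG).items():
        print(tunnel, remip, s["assignip"], s["user"] or "<no XAUTH user>")
```

Tunnels returned by `unidentified()` are the ones to look up by other means, such as the 'Firewall Users' widget.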