FortiGate
kjiye (Staff)
Article Id 239520
Description This article describes how to configure SSL VPN users to authenticate through SAML with Okta as the identity provider while the user accounts and passwords stay in an on-premises Active Directory, using the Okta AD Agent. Okta validates the AD password through the agent (delegated authentication) and issues the SAML assertion; the FortiGate only consumes that assertion and never handles the AD credentials itself. The FortiGate side of the SAML configuration is covered in the related article below.
Scope FortiGate
Solution

Related article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SAML-SSO-login-for-SSL-VPN-web...

Configure Okta and Active Directory integration.

- Create a new Directory integration:

1) Go to Directory -> Directory Integrations -> 'Add Active Directory'.

(Screenshot: kjiye_2-1670913457703.png)

2) Select 'Set Up Active Directory'.

Check the installation requirements shown on the page before selecting the button.

(Screenshot: kjiye_3-1670913491626.png)

3) Select 'Download Agent'.

Once the download has started, item B on the page shows the Okta Organization URL and refers to an administrator account; both are needed during the agent installation in the next step.

Until the agent is installed on the AD server, the page keeps showing the message 'Waiting for the agent installer to update this page'.

(Screenshot: kjiye_4-1670913754903.png)

4) Install the Okta AD Agent on the AD server.

- Enter the domain name and the proxy settings (if a proxy is used) -> Next.

- Enter the Organization URL.

This is the Organization URL shown in item B in step 3.

(Screenshot: kjiye_7-1670914835356.png)

- When the 'Sign into Okta with Administrative User Account' page is displayed, log in to Okta with the administrator account and select the 'Allow Access' button.

(Screenshot: kjiye_8-1670915218557.png)

- A pop-up with the message 'Active Directory agent started!' confirms that the agent is running.

5) Select the Organizational Units (OUs) to import from and the username format.

(Screenshot: kjiye_10-1670915561789.png)

6) Select the AD attributes to be mapped to the Okta user profile.

7) Done.

- Import user information from AD to Okta.

1) Under Directory -> Directory Integrations, select the AD integration created in the previous step.

2) Import -> 'Import Now'.

(Screenshot: kjiye_1-1670916933806.png)

3) For the first import, select 'Full import'.

(Screenshot: kjiye_3-1670917060489.png)

4) Select the users to import and confirm.

(Screenshot: kjiye_5-1670917415941.png)

5) Check that the account is activated under Directory -> People.

(Screenshot: kjiye_9-1670919400819.png)

- Assign the imported user to the Okta application.

1) Select the Okta SAML application used for the FortiGate SSL VPN (the one created in the related article).

(Screenshot: kjiye_7-1670918019696.png)

2) Go to Assignments -> Assign -> Assign to People (or Assign to Groups).

(Screenshot: kjiye_8-1670918194578.png)

3) Assign the users who will use the SSL VPN. Only users (or members of groups) assigned here can log in through this application; everyone else is refused by Okta before any assertion is issued.

- Log in with the AD ID and Okta authentication (web mode SSL VPN is used in this article).

1) On the SSL VPN portal login page, select 'Single Sign-On'.

(Screenshot: kjiye_11-1670919942555.png)

2) On the Okta login page, enter the AD credentials.

(Screenshot: kjiye_12-1670920155506.png)

3) Done!

(Screenshot: kjiye_13-1670920357002.png)
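The steps above cover only the Okta and AD side; the FortiGate SAML configuration is deferred to the related article. As an added reference example that is not part of this article or of Fortinet's documentation, the following FortiOS CLI fragment shows the matching FortiGate side for the web-mode login tested above. Every hostname, port, certificate name, Okta URL, entity ID, interface name and policy ID in it is an assumed placeholder: the IdP values must be copied from the Okta application's SAML settings (the Identity Provider metadata), and the `user-name` / `group-name` attribute names must match the attribute statement names configured in that Okta application.

```fortios
# Added example (not from the article). Placeholders below are assumptions:
#   vpn.example.com:10443        -> FortiGate SSL VPN address and port
#   example.okta.com / exkEXAMPLE -> Okta org and application ID from the app's SAML metadata
#   REMOTE_Cert_1                 -> Okta IdP signing certificate imported under Remote Certificates
#   Fortinet_Factory              -> certificate used for the SP signature and the SSL VPN portal
#   "username" / "group"          -> attribute statement names defined in the Okta application
config user saml
    edit "okta-sslvpn"
        set cert "Fortinet_Factory"
        set entity-id "https://vpn.example.com:10443/remote/saml/metadata/"
        set single-sign-on-url "https://vpn.example.com:10443/remote/saml/login/"
        set single-logout-url "https://vpn.example.com:10443/remote/saml/logout/"
        set idp-entity-id "http://www.okta.com/exkEXAMPLE"
        set idp-single-sign-on-url "https://example.okta.com/app/example_fortigate/exkEXAMPLE/sso/saml"
        set idp-single-logout-url "https://example.okta.com/app/example_fortigate/exkEXAMPLE/slo/saml"
        set idp-cert "REMOTE_Cert_1"
        set user-name "username"
        set group-name "group"
        set digest-method sha256
    next
end

# Local group that wraps the SAML server. The optional 'match' entry restricts the
# group to assertions carrying the assumed Okta group value "sslvpn-users", so
# membership on the FortiGate side is not granted to every user the IdP knows about.
config user group
    edit "okta-sslvpn-grp"
        set member "okta-sslvpn"
        config match
            edit 1
                set server-name "okta-sslvpn"
                set group-name "sslvpn-users"
            next
        end
    next
end

# Web-mode portal bound to the SAML group (port and interface are assumptions).
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 10443
    set source-interface "wan1"
    config authentication-rule
        edit 1
            set groups "okta-sslvpn-grp"
            set portal "web-access"
        next
    end
end

# Firewall policy allowing the SAML group out of the SSL VPN interface (assumed names).
config firewall policy
    edit 10
        set name "sslvpn-okta-web"
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "all"
        set groups "okta-sslvpn-grp"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

To confirm that the assertion is accepted and that the attribute names line up, run `diagnose debug application samld -1` followed by `diagnose debug enable` on the FortiGate, repeat the 'Single Sign-On' login, and check that the logged user and group values are the ones expected from Okta; disable with `diagnose debug reset` afterwards. A login that reaches Okta, succeeds there, and then fails on the FortiGate is usually a mismatch between `user-name` / `group-name` and the Okta attribute statements, or an IdP certificate that does not match `idp-cert`.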