Technical Tip: How to configure SSL VPN web portal to automatically redirect to SAML SSO login page

ssanga · ‎08-13-2023

Description

This article describes the process for setting up automatic redirection of the SSL VPN web portal URL to the SAML SSO login page, eliminating the requirement to manually select the Single Sign-On button.

Scope

All FortiOS versions.

Solution

The automatic redirection of SSL VPN web access to the SAML SSO login page is accomplished in the following scenarios.

Solution 1:
Ensure Authentication/portal mapping rules do not have any non-SAML user groups associated with that particular SSL VPN web portal url/realm. Only in such cases, access to the SSL VPN URL will seamlessly redirect to the SAML SSO login page, eliminating the need to manually click the Single Sign-On button. Additionally, make sure the Firewall policies for SSL VPN do not have any non-SAML user groups associated with them.

Solution 2:

In cases where SAML and non-SAML user groups are configured under the Authentication/Portal Mapping rules (ex: SAML user group, local user group, and remote LDAP/RADIUS user groups) for a particular SSL VPN web portal url/realm,

Create a new realm and associate only SAML user groups to this realm under the Authentication/Portal Mapping rules.

Upon accessing the SSLVPN web portal using the new URL generated from the new realm, the user will instantly redirect to the SAML SSO login portal.