Description
This article describes how a Windows user can access a ZTNA resource in a Microsoft Entra ID domain by using the same LDP login.
Scope
FortiOS 7.6.3.
Solution
A user or FortiClient endpoint managed by the Windows domain can access ZTNA resources automatically through the new authentication scheme method entra-sso, which authenticates the ZTNA session against the user's existing Entra ID session.
Use the following configuration to achieve this:
config user external-identity-provider
    edit "Test_EIP"
        set type ms-graph
        set version v1.0
    next
end

config authentication scheme
    edit "test123"
        set method entra-sso          <----- Select this option.
        set external-idp "Test_EIP"
    next
end

config authentication rule
    edit "1"
        set srcaddr "all"
        set dstaddr "all"
        set sso-auth-method "test123"
    next
end

config user group
    edit "Test_group"
        set member "Test_EIP"
    next
end

config firewall proxy-policy          <----- Make sure it is a proxy policy, not a standard policy.
    edit 1
        set proxy access-proxy
        set access-proxy "abc"
        set srcintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set logtraffic all
        set groups "Test_group"
    next
end
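As an added example (not part of the Fortinet article), the following Python script parses the CLI blocks above, including the flattened one-line form they appear in on this page, and checks that the object references the entra-sso flow depends on line up: the scheme's external-idp must name an ms-graph provider, the proxy policy must use proxy access-proxy, and each group it references must contain an external-identity-provider member. The configuration values are the article's; the checks are my assumptions about which references must hold.

```python
import shlex

# Constructed sample: the article's CLI blocks in the flattened one-line form the
# page shows them in (the parser accepts the normal indented form as well).
SAMPLE = """
config user external-identity-provider edit "Test_EIP" set type ms-graph set version v1.0 next end
config authentication scheme edit "test123" set method entra-sso set external-idp "Test_EIP" next end
config authentication rule edit "1" set srcaddr "all" set dstaddr "all" set sso-auth-method "test123" next end
config user group edit "Test_group" set member "Test_EIP" next end
config firewall proxy-policy edit 1 set proxy access-proxy set access-proxy "abc" set groups "Test_group" next end
"""
KEYWORDS = {"config", "edit", "set", "next", "end"}


def parse_fortios(text):
    """Parse FortiOS CLI text into {table: {entry: {key: [values]}}}."""
    toks = shlex.split(text)  # honours the double-quoted object names
    tables, table, entry, i = {}, None, None, 0

    def values_from(j):  # tokens from j up to the next CLI keyword
        k = next((k for k in range(j, len(toks)) if toks[k] in KEYWORDS), len(toks))
        return toks[j:k], k

    while i < len(toks):
        kw, i = toks[i], i + 1
        if kw == "config":
            path, i = values_from(i)
            table = tables.setdefault(" ".join(path), {})
        elif kw == "edit":
            entry, i = table.setdefault(toks[i], {}), i + 1
        elif kw == "set":
            key = toks[i]
            entry[key], i = values_from(i + 1)
    return tables  # "next"/"end" only close scopes, so they are skipped above


def check_entra_sso_chain(tables):
    """Return broken references in the entra-sso -> group -> proxy-policy chain (empty = OK)."""
    problems = []
    eips = tables.get("user external-identity-provider", {})
    groups = tables.get("user group", {})
    for name, s in tables.get("authentication scheme", {}).items():
        if s.get("method") == ["entra-sso"]:
            idp = s.get("external-idp", [None])[0]
            if eips.get(idp, {}).get("type") != ["ms-graph"]:
                problems.append(f"scheme {name}: external-idp {idp!r} is not an ms-graph provider")
    for name, p in tables.get("firewall proxy-policy", {}).items():
        if p.get("proxy") != ["access-proxy"]:
            problems.append(f"proxy-policy {name}: proxy is not access-proxy")
        for g in p.get("groups", []):
            if not set(groups.get(g, {}).get("member", [])) & set(eips):
                problems.append(f"proxy-policy {name}: group {g!r} has no external-identity-provider member")
    return problems
```

Running `check_entra_sso_chain(parse_fortios(SAMPLE))` on the article's configuration returns an empty list; feed it the output of `show` from a unit to spot a dangling reference before testing the login.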
Copyright 2025 Fortinet, Inc. All Rights Reserved.