Created on 04-21-2023 02:55 AM Edited on 11-25-2024 10:54 PM By Jean-Philippe_P
Description | This article describes how, when outbound firewall authentication is configured with Azure as the SAML IdP, users are redirected directly to the Microsoft login page, and how to show the captive portal page with the SAML option instead. |
Scope | FortiGate, Captive portal, SAML. |
Solution |
Example:
FortiGate SAML configuration:
config user saml
config user group
    edit "SAML_Auth"
config firewall policy
    edit 11
        set captive-portal-exempt enable    <-- This is to ensure that traffic to Microsoft for SAML authentication will not be subjected to a captive portal check
end
When the user tries to access the internet, the browser is redirected to the Microsoft login page.
To see the captive portal page with the SAML option, create a dummy local user group:
config user group
    edit "Captive_portal"
config firewall policy
After adding the local group, the captive portal page is displayed with the SAML login option when the user tries to access it:
Select SAML Identity Provider to use the SAML login. To log in as a local user instead, select Continue.
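The dummy-group step above, written out as an added example (not the article's original configuration). The local user name "dummy_user", the <password> value and the <policy_id> placeholder are assumptions; "SAML_Auth" and "Captive_portal" are the group names used in this article, and the policy is assumed to be the outbound policy that already authenticates "SAML_Auth".

```fortios
config user local
    edit "dummy_user"                            <-- hypothetical local account, exists only to populate the group
        set type password
        set passwd <password>                    <-- placeholder
    next
end
config user group
    edit "Captive_portal"
        set member "dummy_user"
    next
end
config firewall policy
    edit <policy_id>                             <-- placeholder: the policy that requires authentication
        set groups "SAML_Auth" "Captive_portal"  <-- both a SAML group and a local group on the same policy
    next
end
```

Any member of "Captive_portal" can authenticate through this policy with local credentials, so keep the group's membership minimal and the account's password strong.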
To configure SAML with Azure IdP, see the related documents below:
Outbound firewall authentication with Azure AD as a SAML IdP
Troubleshooting Tip: How to troubleshoot SAML authentication |