Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssriswadpong
Staff
Staff

Created on ‎06-01-2022 08:06 AM Edited on ‎08-15-2022 11:49 AM By Anonymous

Article Id 213539

Technical Tip: SSL VPN with Azure SAML authentication with multi-factor authentication (MFA)

Description This article describes SSL VPN with Azure SAML authentication with multi-factor authentication(MFA).
Scope FortiGate, FortiClient
Solution

Azure Multi-factor authentication can be enabled for SSL VPN with SAML authentication. This can be done by enabling multi-factor authentication on Azure.

 

No additional setting is require on FortiGate. However, it is important to check whether the authentication timeout for remote servers is long enough for the user to authorize the challenge (MFA).

The default setting is configured for 5 seconds. This setting is recommended to be changed to 60 seconds as per commands below:


# config system global
      set remoteauthtimeout 60
  end

 

MFA window will be popped out after entering a credential as the below screenshot.

 

VPNSAML2FA.png

VPNSAML2FA2.png

 

Links to configure MFA for SSLVPN with Azure SAML authentication: 

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa

 

4691
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.