Description |
This article describes why the user is not getting prompted by authentication when accessing the server via SMB even if the user is logged out. |
Scope |
FortiGate, FortiClient. |
Solution |
Diagram:
In this setup, the user is using SAML authentication and FortiClient on a Windows machine. The SAML IDP is FortiAuthenticator or a third-party SAML IDP (Azure, etc).
The server can be accessed via SMB and using ZTNA TCP forwarding access proxy.
The user is getting prompted by authentication when he accesses the server via SMB for the first time.
The user will not get prompted by authentication again even if the user is logged out manually from the IDP or the authentication got changed in the FortiGate proxy policy or ZTNA policy.
This is by design and it is the normal behavior.
To get prompted by authentication, the user needs to shut down the FortiClient from the workstation:
Then restart it by opening the FortiClient application again. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.