FortiManager
haldahan
Staff
Article Id 312363
Description: This article describes how to configure SAML SSO login for SSL VPN with Azure AD acting as the SAML IdP in FortiManager and push it to multiple FortiGates.
Scope: FortiManager, SAML.
Solution
  1. Enable 'CLI Only Objects' under Policy & Objects -> Object Configurations -> Tools -> Display Options.
  2. Configure the SAML user. Ensure that the identity provider (IdP)-related entries match the Azure-side configuration.
  3. Create a User Group under Policy & Objects -> Object Configurations -> CLI Only Objects.

Notes:

  • It is also possible to create a User Group under Policy & Objects -> Object Configurations -> CLI Only Objects.
  • 'Config Match' will only appear after creating a User Group.

  4. Configure group matching based on the Azure Active Directory Group ObjectId.
  5. Go to VPN -> SSL VPN Settings. Configure as desired.
  6. Go to Policy & Objects. Create a new SSL VPN firewall policy or modify an existing one to apply to the group that contains the SAML user configured in step 3.