FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
idumancic
Staff
Article Id 386403
Description: This article describes why FortiPAM SAML authentication fails with a 403 Forbidden error.
Scope: FortiPAM 1.5.
Solution

When a user attempts to log in through SAML SSO, the following error may occur:

'Authentication: User Account error'. FortiPAM also returns an HTTP 403 Forbidden error.

From the SAML debug tracer in this example, the redirection appears to be working correctly to https://fpam/XX/YY/ZZ/saml/login.

[Screenshots of the SAML debug tracer output omitted]


Run the following commands on the FortiPAM CLI to collect debug output for further troubleshooting:

    diagnose debug reset
    diagnose debug console timestamp enable
    diagnose wad debug enable level verbose
    diagnose wad debug enable category auth
    diagnose wad debug enable category secret
    diagnose debug app samld -1
    diagnose debug enable


Solution:

In the configuration, ensure that SAML authentication is enabled under system global:

    config system global
        set saml-authentication enable
    end


The next step is to ensure that the following option is enabled for the SAML user:

Force SAML login - Enable/Disable forced SAML login (default=disable).

[Screenshot of the Force SAML login option omitted]

Note: This option must be enabled when creating a SAML user; with the default of disable, the user's SAML login is rejected.
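As an added check, not from the article or from Fortinet, the following Python script parses a FortiOS-style text configuration backup (the config/edit/set/next/end layout) and reports whether `set saml-authentication enable` is present under `config system global`, returning the article's CLI lines when it is not. The sample configuration is constructed; the Force SAML login setting is not checked because the article gives only its GUI label, not a CLI keyword.

```python
"""Check a FortiPAM config backup for the SAML setting this article requires.
Added example, not Fortinet's code. The configuration text is constructed."""
import shlex

SAMPLE_CONFIG = """\
config system global
    set hostname "fpam"
    set saml-authentication disable
end
config user saml
    edit "corp-idp"
        set entity-id "https://idp.example.test/metadata"
    next
end
"""


def parse_config(text: str) -> dict:
    """Nested dict: 'config'/'edit' open a level, 'set' stores key -> value,
    'next'/'end' close the level."""
    root: dict = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # handles the quoted values in backups
        keyword, args = tokens[0], tokens[1:]
        if keyword in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif keyword == "set" and args:
            stack[-1][args[0]] = " ".join(args[1:])
        elif keyword in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


def saml_auth_enabled(text: str) -> bool:
    """True only when 'set saml-authentication enable' sits under system global;
    an absent line counts as disabled, which is the article's 403 case."""
    section = parse_config(text).get("system global", {})
    return section.get("saml-authentication") == "enable"


def remediation(text: str) -> list:
    """The CLI lines from the article to apply if the check fails; empty if OK."""
    if saml_auth_enabled(text):
        return []
    return ["config system global", "    set saml-authentication enable", "end"]
```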