Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
sjoshi
Staff
Staff

Created on ‎08-18-2025 02:25 AM

Article Id 405838

Technical Tip: Limitations of User-Level Policy Assignment in FortiSASE with RADIUS and SAML Authentication

Description

 

This article describes the limitations of FortiSASE when using RADIUS or SAML authentication, where only user groups are visible in the portal. As a result, administrators cannot create user-specific profiles or firewall policies, unlike with LDAP authentication, which supports individual user visibility and control.

 

Scope

 

FortiSASE.

 

Solution

 

  • Requirement identified: ability to create individual users in FortiSASE, similar to LDAP users or local users, when using RADIUS or SAML authentication.
  • Current limitation: individual user creation is not supported with RADIUS or SAML; only group-based policies are possible.

 

Capture.PNG

 

  • Known constraint: LDAP authentication does not function with IPsec VPN, although it works with SSL VPN
  • Future consideration: LDAP support for IPsec VPN (IKEv2) may be introduced in a future release.
58
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.