FortiSASE
jkoay
Staff & Editor
Article Id 424623
Description

This article describes issues where endpoint profiles are not applied to the configured Entra ID group when authenticated onboarding is enabled.

Scope

FortiSASE, FortiClient.

Solution

The following solution applies only to FortiSASE running a Feature release with authenticated onboarding enabled.

For FortiSASE to correctly identify an Entra ID user and its group memberships, when configuring authenticated onboarding (Access & Authentication -> SSO -> Authenticated onboarding) in FortiSASE, ensure that the option 'Include associated domain' is enabled and select the Entra ID domain configured in Access & Authentication -> Domains.

 

This ensures that when the Entra user is authenticated during onboarding, the user or group memberships are recognized as coming from Entra ID.
