Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Lokelund
New Contributor

Identity based security policy

Hi. I am trying to set up identity-based firewall policies for my company. The goal is to have a policy that only allows IT staff to reach our company Azure tenant and our customers' tenants. Currently there is a policy that allows the whole company to basically egress the VPN tunnel interface to the tenants.

As the company has moved away from an on-prem AD, I can't set up an FSSO to poll any DC for users to authenticate. So what I am wondering is, is there a way to do this with either AZ AD or possibly certificates?

If anybody could shed some light on the best path to pursue to accomplish this goal and/or possibly give me a link to some useful resources I would much appreciate it. Thanks :)

2 REPLIES
xsilver_FTNT
Staff

Hi,

How about SAML?

With FortiGate:
https://docs.fortinet.com/document/fortigate/6.4.8/administration-guide/33053/outbound-firewall-auth...

Through FortiAuthenticator:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/cookbook/362779/saml-authentication

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Lokelund
New Contributor

Thank you for the reply! Will look into it :)
