This may be more of an Azure question, but... I want to use Azure SAML for admin logins. I've set it up on a single device and it works great. Now I have 15-20 other Fortis I want to use it on but I really don't want to create an Azure app for each one. Is it possible to do it all within one app or is there a better way to do this?
Within Azure, I add in the URLs of the other FortiGates to the Entity ID and that works as expected; the user authenticates. The problem is that the ACS URL always uses the default URL so the reply always goes to the initial Forti and the login fails.
Hello Random Guy,
what do you mean by Azure App? On the Azure portal itself you mean?
I think you may have to. The config on FortiGate is relatively simple with copy and paste. But the IdP Azure must know which SP (FortiGate) is supposed to connect. The SPs don't know of each other, the Azure portal must have either a capability to tell them apart or a separate app must be created.
Best regards,
Markus
By Azure app I mean step 1 in the guide above.
In step 7, you have the ability to add additional EntityID and Reply URLs. Adding the EntityID of an additional firewall prompts for authentication correctly but the first reply entry in the list is always used so the login fails.
I really don't want to have to create a separate application for each.
Created on 08-20-2022 12:52 PM Edited on 08-20-2022 12:53 PM
That's a question you should direct at Microsoft/Azure. The FortiGate has no control over what the IdP does once you're on the IdP's website.
FortiGate sends both its entity-ID (.../metadata) and the reply (.../saml/?acs) URIs, so if Azure is not capable of returning the user back to the correct FortiGate even when it's given all of this information on a silver platter, that's on Azure to fix, or explain.
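To check which entity ID and reply (ACS) URL a given FortiGate actually put in its request, the following added example (not part of the thread, and not Fortinet or Microsoft code) decodes the `SAMLRequest` from a redirect URL captured in the browser and compares it with the identifiers and reply URLs registered in the IdP app. It assumes the HTTP-Redirect binding; the host names, paths and the sample request are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_authn_request(redirect_url):
    """Return (issuer, acs_url) from an HTTP-Redirect binding URL."""
    query = parse_qs(urlparse(redirect_url).query)
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest parameter")
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml_bytes = zlib.decompress(raw, -15)  # raw DEFLATE, no zlib header
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not an AuthnRequest")
    issuer = (root.findtext("{%s}Issuer" % SAML) or "").strip()
    return issuer, root.get("AssertionConsumerServiceURL")  # attribute is optional

def check_request(redirect_url, identifiers, reply_urls):
    """Compare what the SP sent with the values registered at the IdP."""
    issuer, acs = decode_authn_request(redirect_url)
    if issuer not in identifiers:
        return "issuer-not-registered"
    if acs is None:
        return "no-acs-in-request"  # the IdP has to choose a reply URL itself
    if acs not in reply_urls:
        return "acs-not-registered"
    return "ok"

def build_sample_url(issuer, acs=None):
    """Constructed AuthnRequest for the demo, not captured from a FortiGate."""
    acs_attr = ' AssertionConsumerServiceURL="%s"' % acs if acs else ""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_demo1" '
           'Version="2.0" IssueInstant="2022-08-20T12:00:00Z"%s>'
           '<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>'
           % (SAMLP, SAML, acs_attr, issuer))
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(xml.encode()) + deflater.flush()
    b64 = base64.b64encode(packed).decode()
    return "https://idp.example.com/saml2?" + urlencode({"SAMLRequest": b64})

if __name__ == "__main__":
    # Placeholder values standing in for the lists registered in the IdP app.
    ids = {"https://fgt-b.example.com/placeholder/metadata"}
    replies = {"https://fgt-b.example.com/placeholder/acs"}
    url = build_sample_url(next(iter(ids)), next(iter(replies)))
    print(decode_authn_request(url), check_request(url, ids, replies))
```

If the result is `ok` for the second firewall and the response still lands on the first one, the request carried the right values and the reply-URL selection happened on the IdP side.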