random_guy
New Contributor III

Admin login - Azure saml

This may be more of an Azure question, but... I want to use Azure saml for admin logins. I've set it up on a single device and it works great. Now I have 15-20 other Fortis I want to use it on but I really don't want to create an Azure app for each one. Is it possible to do it all within one app or is there a better way to do this?

 

Within Azure, I add in the URLs of the other FortiGates to the Entity ID and that works as expected; the user authenticates. The problem is that the ACS URL always uses the default URL, so the reply always goes to the initial Forti and the login fails.

 

Markus_M
Staff

Hello Random Guy,

 

What do you mean by Azure App? On the Azure portal itself, you mean?

I think you may have to. The config on FortiGate is relatively simple with copy and paste. But the IdP (Azure) must know which SP (FortiGate) is supposed to connect. The SPs don't know of each other, so either the Azure portal must have a capability to tell them apart, or a separate app must be created.

 

Best regards,

 

Markus

random_guy
New Contributor III

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SAML-SSO-login-for-FortiGate/t...

 

By Azure app I mean step 1 in the guide above.

 

In step 7, you have the ability to add additional Entity ID and Reply URLs. Adding the Entity ID of an additional firewall prompts for authentication correctly, but the first reply entry in the list is always used, so the login fails.

I really don't want to have to create a separate application for each.

pminarik

That's a question you should direct at Microsoft/Azure. The FortiGate has no control over what the IdP does once you're on the IdP's website.

 

FortiGate sends both its entity ID (.../metadata) and the reply (.../saml/?acs) URIs, so if Azure is not capable of returning the user back to the correct FortiGate even when it's given all of this information on a silver platter, that's on Azure to fix, or explain.

[ corrections always welcome ]
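To make the point in the reply above concrete, here is an added example (not code from the thread, from Fortinet or from Microsoft) that models the SP-initiated exchange: each FortiGate puts its own entity ID and ACS ("reply") URL into the AuthnRequest it sends the browser to the IdP with, and the IdP then decides where to POST the Response. It assumes FortiGate entity IDs have the form http://<server-address>/metadata/ and the ACS is https://<server-address>/saml/?acs (the path suffixes come from the thread; the scheme and trailing slash are assumed), and the hostnames and IdP endpoint are constructed placeholders. The choose_reply_url function is what SAML 2.0 Core requires of any IdP (honour a requested ACS only if it is registered for that SP, otherwise use the default), not a description of Azure's internals; the __main__ block plays out the symptom the original poster reports, where only the first unit's reply URL is registered.

```python
"""Added example, not code from the thread or from Fortinet/Microsoft.

Models the SP-initiated SAML exchange: the SP (FortiGate) puts its own
entity ID and ACS ("reply") URL into the AuthnRequest and the IdP decides
where to POST the Response. Assumptions: FortiGate entity IDs look like
http://<server-address>/metadata/ and the ACS is
https://<server-address>/saml/?acs (suffixes from the thread, scheme and
trailing slash assumed). All hostnames are constructed placeholders.
"""
import base64
import datetime
import secrets
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def fortigate_sp_urls(server_address):
    """SP identifiers a FortiGate derives from its server address (assumed form)."""
    return {
        "entity_id": f"http://{server_address}/metadata/",
        "acs_url": f"https://{server_address}/saml/?acs",
    }


def build_authn_request(sp, idp_sso_url):
    """Return the redirect URL an SP sends the browser to (HTTP-Redirect binding)."""
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + secrets.token_hex(16),
        "Version": "2.0",
        "IssueInstant": datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "ProtocolBinding": HTTP_POST,
        # The "reply" URL: where this SP wants the Response posted.
        "AssertionConsumerServiceURL": sp["acs_url"],
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = sp["entity_id"]  # SP entity ID
    xml = ET.tostring(root, encoding="unicode")
    # Redirect binding: raw DEFLATE (no zlib header, wbits=-15), base64, then URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    return f"{idp_sso_url}?{urllib.parse.urlencode(params)}"


def decode_authn_request(redirect_url):
    """What the IdP sees: undo the Redirect binding and pull out Issuer and ACS URL."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    deflated = base64.b64decode(query["SAMLRequest"][0])
    root = ET.fromstring(zlib.decompress(deflated, -15))
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
    }


def choose_reply_url(registered_reply_urls, requested_acs):
    """IdP-side decision (SAML 2.0 Core 3.4.1): honour the requested ACS only if it is
    registered for the SP, otherwise fall back to the default (first) reply URL.
    Returns (url, honoured)."""
    if requested_acs in registered_reply_urls:
        return requested_acs, True
    return registered_reply_urls[0], False


if __name__ == "__main__":
    idp = "https://idp.example.net/saml2"  # placeholder IdP SSO endpoint
    fleet = ["fgt-01.example.net", "fgt-02.example.net", "fgt-03.example.net"]
    # Symptom from the thread: each FortiGate has its own entity ID, but the
    # IdP app only has the first unit's reply URL registered.
    registered = ["https://fgt-01.example.net/saml/?acs"]
    for host in fleet:
        seen = decode_authn_request(build_authn_request(fortigate_sp_urls(host), idp))
        url, honoured = choose_reply_url(registered, seen["acs_url"])
        print(f"{seen['issuer']:40} asked for {seen['acs_url']}")
        print(f"{'':40} IdP replies to {url} ({'ok' if honoured else 'FALLBACK, login fails on ' + host})")
    # Fix on the IdP side: register every unit's ACS URL as a reply URL.
    registered = [fortigate_sp_urls(h)["acs_url"] for h in fleet]
    assert all(choose_reply_url(registered, fortigate_sp_urls(h)["acs_url"])[1] for h in fleet)
```

To check what a real unit sends, paste the SAMLRequest redirect URL captured from the browser (before the IdP login page loads) into decode_authn_request: the Issuer and AssertionConsumerServiceURL it prints are the two values the IdP app has to recognise for that unit.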