Hi all,
I'm trying to move our VPNs away from SSL to IPsec, which I've managed to do for our Windows machines (which are the majority), but I've been struggling to get iPads to work. I've managed to get them working on IKEv2 with a pre-shared key as long as I don't enable 2FA (just to confirm the VPN works), but I've found an updated post on Fortinet saying that, due to a limitation on iOS, you can't use 2FA on IPsec with a pre-shared key and the only option is to use SAML certificates. However, there seems to be a lot of confusing information on going about this and what exactly is needed... so... am I correct in understanding that to get iPads to connect using IKEv2 and 2FA I only need our FortiGate 100F and an identity provider such as Azure? I don't NEED EMS or anything else to get this to work, do I?
Also, can the 100F do the IdP part as well instead of Azure etc., just so it's all contained on the one box?
I'm just trying to clarify what different devices/platforms I need to get together before I start down this road, in case there is any extra cost.
Any advice will be great.
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Thanks,
Thanks Anthony, you can close this off now as I've managed to get it set up in the meantime, but if anyone else comes across this with the same question, I've found that you only need Azure and the FortiGate and nothing else. The EMS "can" push out configs to the end devices if you have it, so it makes rolling it out easier, and it will also allow a greater range of control over what resources you want users to access, but it's not needed for the SSO. This also then removes the need for the FortiToken 2FA, as the 2FA is done via Microsoft SSO (and we use SMS codes to users' phones for this anyway).