Changing SAML configuration: Entity ID, SSO URLs
Hello,
we've configured SAML SSL-VPN login with Azure AD and everything is working.
When we configured the connector we used the IP address of the FortiGate's SSL-VPN service, like this:
set entity-id "https://X.X.X.X:XXXX/remote/saml/metadata"
set single-sign-on-url "https://X.X.X.X:XXXX/remote/saml/login"
Now we've created an FQDN to access the VPN service, like sslvpnurl.domain.com.
When authenticating via FortiClient, users receive a certificate error: even though the certificate configured on the FortiGate is correct (*.domain.com) and FortiClient is configured to use the FQDN, the SAML configuration still uses the IP address, so I think that's where the problem is.
Now I would like to change the Entity ID, SSO Sign In and Sign Out URLs in the FortiGate configuration like this:
set entity-id "https://sslvpnurl.domain.com:XXXX/remote/saml/metadata"
[....] [...]
so the error would disappear, I believe.
Do I also have to change the same configuration on the Azure side, or would authentication stop working if I don't?
Thanks
BR
- Labels: Authentication, FortiGate, SAML, SSL-VPN
Hello,
If the URLs are set with an IP and the certificate's Subject Alternative Name is different from the domain used, then yes, you will have to change the config
From
set entity-id "https://X.X.X.X:XXXX/remote/saml/metadata"
set single-sign-on-url "https://X.X.X.X:XXXX/remote/saml/login"
To
set entity-id "https://sslvpnurl.domain.com:XXXX/remote/saml/metadata"
[....] [...]
IdP and SP URLs should match, else auth will not work anymore.
More information on how the certs work and common errors:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-generate-wildcard-CSR/ta-p/195414
Thank you
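Added example (not from the thread, not Fortinet code): a small offline check for the two things the answer says have to line up after such a change. It parses SP metadata of the shape a FortiGate publishes at /remote/saml/metadata, compares the entity ID, assertion consumer (login) URL and logout URL against the values configured on the IdP side, and checks whether each SP hostname is actually covered by the server certificate's SAN list (wildcard matching one label only, IP literals only covered by an IP SAN). The metadata XML, the port 10443, the IP 203.0.113.10 and the IdP-side dictionaries are constructed for the example; the thread only shows placeholders.

```python
"""Check that SAML SP metadata agrees with the IdP-side configuration and
that the SP URL hostnames are covered by the server certificate's SANs.

All input below is constructed for this example (assumed FQDN, port 10443,
example IP 203.0.113.10); none of it comes from the forum thread."""
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata, shaped like what a FortiGate serves at
# /remote/saml/metadata after entity-id / SSO / SLO URLs were moved to an FQDN.
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sslvpnurl.domain.com:10443/remote/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sslvpnurl.domain.com:10443/remote/saml/logout"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sslvpnurl.domain.com:10443/remote/saml/login"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed IdP-side values: the stale set still points at the IP address,
# the updated set mirrors the new SP configuration.
IDP_CONFIG_STALE = {
    "entity_id": "https://203.0.113.10:10443/remote/saml/metadata",
    "acs_url": "https://203.0.113.10:10443/remote/saml/login",
    "slo_url": "https://203.0.113.10:10443/remote/saml/logout",
}
IDP_CONFIG_UPDATED = {
    "entity_id": "https://sslvpnurl.domain.com:10443/remote/saml/metadata",
    "acs_url": "https://sslvpnurl.domain.com:10443/remote/saml/login",
    "slo_url": "https://sslvpnurl.domain.com:10443/remote/saml/logout",
}

FIELDS = ("entity_id", "acs_url", "slo_url")


def parse_sp_metadata(xml_text):
    """Extract entityID, default ACS URL and SLO URL from SP metadata.
    Metadata is fetched from your own SP, so stdlib ElementTree is acceptable here."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    acs = sp.findall("md:AssertionConsumerService", NS)
    default = next((e for e in acs if e.get("isDefault") == "true"), acs[0])
    slo = sp.find("md:SingleLogoutService", NS)
    return {
        "entity_id": root.get("entityID"),
        "acs_url": default.get("Location"),
        "slo_url": slo.get("Location") if slo is not None else None,
    }


def compare_sp_idp(sp, idp):
    """Return (field, sp_value, idp_value) for every field that differs.
    Entity IDs and endpoint URLs are compared as exact strings: the IdP
    matches the Issuer and Destination byte for byte, so 'same host, different
    scheme or port' is still a mismatch."""
    return [(k, sp.get(k), idp.get(k)) for k in FIELDS if sp.get(k) != idp.get(k)]


def host_covered_by_cert(url, san_names):
    """True if the URL's hostname is covered by one of the certificate SANs.
    A wildcard covers exactly one label; an IP literal is only covered by an
    identical IP SAN, never by a DNS-name wildcard such as *.domain.com."""
    host = urlparse(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return host in san_names
    except ValueError:
        pass
    host = host.lower()
    for name in (n.lower() for n in san_names):
        if name.startswith("*."):
            if "." in host and host.split(".", 1)[1] == name[2:]:
                return True
        elif host == name:
            return True
    return False


def check(metadata_xml, idp_config, san_names):
    """Full report: URL mismatches against the IdP plus per-field cert coverage."""
    sp = parse_sp_metadata(metadata_xml)
    return {
        "mismatches": compare_sp_idp(sp, idp_config),
        "cert_ok": {k: host_covered_by_cert(sp[k], san_names) for k in FIELDS if sp[k]},
    }


if __name__ == "__main__":
    for label, idp in (("stale", IDP_CONFIG_STALE), ("updated", IDP_CONFIG_UPDATED)):
        print(label, check(SP_METADATA, idp, ["*.domain.com"]))
```

Against the stale IdP values every field is reported as a mismatch, which is the "auth will not work anymore" case from the answer; against the updated values the mismatch list is empty and every SP hostname is covered by the *.domain.com SAN. Feeding it the old IP-based URLs instead shows the other half of the problem: an IP literal is never covered by a DNS wildcard certificate.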
