Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MoccaMaster
New Contributor III

Configure SSLVPN to use SSO using EMS

We have been using EMS previously for configure my FortiClients to autodeploy VPN connection using the classic SSLVPN with username/password options.

 

Now we have configures our VPN connection to utilize AzureAD using SAML login.

However, I dont see this option when configuring VPN settings in the EMS settings. 

On the client its a simple tick on/off option, but its seems like this is not possible when deploying the settings from EMS. 

Are there any tricks to utilize this? I have downloaded EMS 7.2, and there is not option to enable SSO, when configuring the VPN connection.

 

 

1 Solution
rosatechnocrat
Contributor II

You may want to check the below Article. This shows all the steps to integrate and deploy SAML using Azure AD. 

 

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/967cd9f0-70ff-11ed-8e6d-fa163e...

Rosa Technocrat --

Also on YouTube---

Please do Subscribe

View solution in original post

Rosa Technocrat --Also on YouTube---Please do Subscribe
3 REPLIES 3
rosatechnocrat
Contributor II

You may want to check the below Article. This shows all the steps to integrate and deploy SAML using Azure AD. 

 

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/967cd9f0-70ff-11ed-8e6d-fa163e...

Rosa Technocrat --

Also on YouTube---

Please do Subscribe
Rosa Technocrat --Also on YouTube---Please do Subscribe
MoccaMaster
New Contributor III

@rosatechnocrat  thanks for the response, however this is not what I wanted. 

I have configured my Fortigate to use AzureAD SSO (SAML), and the forticlient should just contact the Fortigate using SSO. 

However, using the document I found a way to solve my issue.

If anyone else coming by this is how I managed to get it solved.: 
In EMS > Endpoint Profiles, edit you profile (I was still on 7.0.2 at this time). 

In the profile you need to edit the XML Configuration in the "XML Configuration" Tab. 

Scroll down to the <vpn> section, find your connection and change <sso_enabled> value from 0 to 1

Save the config, and wait for the clients to sync the settings. 

rosatechnocrat
Contributor II

@MoccaMaster : Thanks for the update and glad the issue was resolved. I had given that doc as it contain almost all steps. Was not sure what might be missing for you.

 

 

Thanks again and for accepting the solution. 

Rosa Technocrat --

Also on YouTube---

Please do Subscribe
Rosa Technocrat --Also on YouTube---Please do Subscribe
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors