Hey Guys,
We are using forticlient with SAML connected to Azure Ad.
SAML login works ok, but further Conditional Access we try to assign are not working as expected,
Azure support sure the issue is related to Forticlient app:
"after a thorough investigation we believe that the SAML application is not utilizing the Primary Refresh Token. So we wanted to ask if there is a way to reach out to the application side's support and check if there is a way for the PRT to be utilized via some sort of re-configuration"
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @CTERA
Thanks for posting your query.
Can you please elaborate are you referring the access here to the users based on the groups or any other attributes.
I means like only the specific users should get the specific access once successfully authenticated via SAML.
Kindly share the SAML configuration from the firewall and make sure the attributes you have configured in the AZURE IDP is same in the FGT as well
Also confirm if you are giving the access based on the group object id.
Refer the below document FYR if it helps
@bhishek
SAML configured and working as expected based on allowed groups.
The issue is after connection is established - Azure app doesn't recognize the laptop as Azure complaint device.
as Azure Support claims - they say the Forticlient app doesn't utilized the Primary Refresh Token.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.