Rdelvi
New Contributor

Configure forticlient with Azure SSO

Hello Everyone,

I have a problem configuring FortiClient with Azure SSO (Azure in hybrid mode using ADFS; my account has MFA configured too). When I want to connect and log in, it doesn't show me where to put the username and password. In the web FortiClient version, this is working.

I tried with FortiClient (ver 6 and 7) and Windows 10.

Has someone configured FortiClient with Azure SSO?

Thanks a lot.

5 REPLIES
Debbie_FTNT
Staff

Hey Rdelvi,

Are you trying a setup with SAML authentication, or what exactly do you mean by Azure SSO in this context?

If SAML:

Do you have the Single-Sign-On option enabled in SSLVPN?


If yes, then you should see an SSO login option only when trying to connect to VPN; this will open a browser through FortiClient and direct you to Azure for the login. You don't actually type the username/password into FortiClient directly.

 

If this is not SAML, can you elaborate on the FortiGate side setup and how the user should be authenticated against Azure? You will also need to disable the Single Sign On option in VPN tunnel, as that is only for SAML login.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Maerre

Hello,

 

I'm going to do the same implementation; where do I have to issue the CLI command?

On the root VDOM, in global, or in another VDOM?

 

Thank you

Julien87

Hi,

 

I have followed this link for my MFA with Azure and it's OK. Just a warning about the slash / at the end of idp-entity-id (if I remember correctly...)

 

https://www.ultraviolet.network/post/implementation-guide-fortigate-ssl-vpn-with-microsoft-azure-sam... 

 

 

Best regards,

Julien
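
The trailing-slash caveat on `idp-entity-id` mentioned in the reply above can be checked before testing a login. This is an added example, not part of the post or of any Fortinet tooling: it reads the `entityID` from the IdP's federation metadata and compares it with the value configured on the FortiGate. The tenant ID is an all-zero placeholder, the entry name `azure` is hypothetical, and the `https://sts.windows.net/<tenant-id>/` form is assumed for the Azure identifier.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed samples: all-zero placeholder tenant ID, hypothetical entry name "azure".
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/"/>'
)
SAMPLE_CONFIG = """config user saml
    edit "azure"
        set idp-entity-id "https://sts.windows.net/00000000-0000-0000-0000-000000000000"
    next
end"""


def metadata_entity_id(xml_text):
    """Return the entityID the IdP publishes in its federation metadata."""
    # Parse only metadata fetched from your own tenant; use a hardened
    # parser such as defusedxml for XML from untrusted sources.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID attribute")
    return entity_id


def configured_entity_id(config_text):
    """Return the idp-entity-id value from a 'config user saml' stanza."""
    match = re.search(r'^\s*set\s+idp-entity-id\s+"?([^"\s]+)"?\s*$', config_text, re.M)
    if match is None:
        raise ValueError("no idp-entity-id line found")
    return match.group(1)


def compare_entity_ids(configured, published):
    """Classify the difference; SAML peers compare entity IDs as exact strings."""
    if configured == published:
        return "match"
    if configured.rstrip("/") == published.rstrip("/"):
        return "trailing-slash mismatch"
    if configured.lower() == published.lower():
        return "case mismatch"
    return "different"


if __name__ == "__main__":
    print(compare_entity_ids(configured_entity_id(SAMPLE_CONFIG),
                             metadata_entity_id(SAMPLE_METADATA)))
```
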
Maerre

Hi @Julien87 

 

Thanks, I looked at this useful link; however, it's not clear to me where to make the config: on the root VDOM or the other ones, if I have a multi-VDOM environment?

 

Thank you

Julien87

Hi,

I have not tried with multiple VDOMs.

I would say that the configuration is to be done per VDOM.
This will allow you to use multiple tenants.

I cannot try that in my lab.

 

Otherwise you must be able to make rules from the root VDOM to the other VDOMs.

 

Best regards,

 

Julien