Controlling ZTNA access via Active Directory
Now that I have all my users on SSL VPN, similar to how our old Cisco AnyConnect was working, I would like to start learning about and then implementing ZTNA to better control the users.
My EMS Cloud, FortiClients and FortiGate all use ADFS for SAML. Is there any way to set up ZTNA such that the groups the user is in control their access to devices? For example, if I have a user in the Dev group, I want that user to be able to SSH to a CIDR address list. I also want them to be able to connect over HTTPS to another CIDR address list. Then I have a group like AppSupport that should only have HTTPS to two different CIDR address groups. Then I might have a third user who has both AD groups (Dev and AppSupport), so they should be able to access the combined CIDRs.
Is this at all possible?
What
Labels: FortiClient EMS, FortiGate
Hello,
Please refer to the following document to configure secure remote access in EMS, which is essential to prohibit or allow access to IPsec or SSL VPN connections through zero-trust tags.
Let me see if I can summarize this correctly. I can create ZTNA rules in EMS for each AD group, assigning tags based on the groups. Then when the user VPNs in, the FortiGate will see the tags and can apply security rules for each group in an additive fashion, so that person A with Tag A and Tag B will get the rules for both tags, but person B with only Tag A will only get the rules for Tag A.
Is that about it?
Yes, that should work. Thank you.
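The additive per-tag behaviour agreed on in this thread, modelled as an added example (not code from the original posts and not FortiGate or EMS configuration): each AD group maps to an EMS zero-trust tag, each tag carries its own service/CIDR rules, and a user is matched against the union of the rules for every tag they hold, with an implicit deny when nothing matches. The tag names, CIDRs and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    tag: str           # EMS zero-trust tag derived from an AD group (assumed name)
    service: str       # label only; the port is what is matched
    port: int
    dst_cidrs: tuple   # destination CIDR list the tag may reach on this port

# Constructed sample policy, one rule set per tag (mirrors the Dev / AppSupport
# example in the question; addresses are made up).
RULES = (
    Rule("Dev", "SSH", 22, ("10.10.0.0/24", "10.10.1.0/24")),
    Rule("Dev", "HTTPS", 443, ("10.20.0.0/24",)),
    Rule("AppSupport", "HTTPS", 443, ("10.30.0.0/24", "10.31.0.0/24")),
)

def allowed(user_tags, dst_ip, dst_port):
    """Return the first rule permitting dst_ip:dst_port for a user holding
    user_tags, or None for the implicit deny. Rules for tags the user does
    not hold are skipped, so access is the union over the user's tags."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in RULES:
        if rule.tag not in user_tags or rule.port != dst_port:
            continue
        if any(ip in ipaddress.ip_network(cidr) for cidr in rule.dst_cidrs):
            return rule
    return None

def reachable(user_tags):
    """Every (service, cidr) pair a user with these tags can reach."""
    return sorted({(r.service, c) for r in RULES
                   if r.tag in user_tags for c in r.dst_cidrs})

if __name__ == "__main__":
    for tags in ({"Dev"}, {"AppSupport"}, {"Dev", "AppSupport"}, set()):
        print(sorted(tags), "->", reachable(tags))
    # Dev may SSH to its CIDR but not to AppSupport's HTTPS-only targets.
    print(allowed({"Dev"}, "10.10.0.5", 22))
    print(allowed({"Dev"}, "10.30.0.5", 443))
    # AppSupport gets HTTPS only: SSH to its own CIDR is denied.
    print(allowed({"AppSupport"}, "10.30.0.5", 22))
```

Two points the model makes explicit: a user holding both tags is evaluated against both rule sets with nothing taken away, and a port or destination outside every held tag's rules hits the implicit deny rather than falling through to another group's rule.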