When adding an authentication server in EMS I only ever get 1 domain even when the tenant has multiple domains registered and synced. These aren't subdomains but two different unique domains.
example1.com
example2.com
The only information I provide is the tenant ID, client ID, and secret. And then I only get 1 domain available for doing user to OU matching to assign policies.
How do I get all of the available domains that are synced in Azure so I can assign policies? Currently I have to create workgroups and assign the users to that either manually or with group assignment rules.
Hello,
In the earlier stages of 7.2.x we used to provide a workaround like described below.
This behavior changed after 7.2.3 due to a resolved issue over bug 953051.
Starting from version 7.2.3, EMS supports UPNs with different domain names rather than the imported one, as long as the SAML attributes contain the right user UPN.
https://docs.fortinet.com/document/forticlient/7.2.3/windows-release-notes/22791/resolved-issues
I see, thanks for clarifying.
Unless someone comes in and corrects me, this feels like a scenario that we may not have accounted for, and may need an NFR or a "bug fix", depending on how it ends up being classified. I would recommend opening a TAC ticket to get attention on this.
This seems to be working, kind of, after upgrading from 7.2.1 to 7.2.3. I don't know if anything else doesn't work after the upgrade but users from both UPNs can now verify.
Sorry I have no experience with EMS yet as we do not yet use it.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thanks guys for answering so quickly :)