Hi people. Im a little confuse for this configuration.
Actually, we're using Entra ID (Azure AD) SSO for ssl vpn and works great.
In my fortinet, the saml config are on port 10043.
Here are the settings:
config user saml
edit "ssl-azure-saml"
set cert "Fortinet_Factory"
set entity-id "mypublicURL:10443/remote/saml/metadata"
set single-sign-on-url "mypublicURL:10443/remote/saml/login"
set single-logout-url "mypublicURL:10443/remote/saml/logout"
set idp-entity-id "https://windows.net/4b7xx12e-xxxxxxx7f9ef4xxx9a/"
set idp-single-sign-on-url https://login.microsoftonline.com/4b70212xxxxxxxa-a901-97xxxxxx9a/saml2"
set idp-single-logout-url "https://login.microsoftonline.com/4b7xxxcc32-4xxxxf4bda9a/saml2"
set idp-cert "REMOTE_Cert_2"
set user-name "username"
set group-name "group"
Now, we're setting up Entra SSO for outbound traffic, but using port 1003, according to thi document:
https://docs.fortinet.com/document/fortigate/6.4.14/administration-guide/33053
I´m lost.. Forti it doesn't let configure both services? SSL VPN (port 10443) and Outbound traffic (port 1003) with Entra ID.
Thanks to all!
Eduardo.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hello,
Please refer to the document for multiple Service Providers on a single Azure enterprise application for SAML authentication
Hello,
You cannot use the same SSO instance for SSLVPN and outbound authentication on the same FortiGate. They would have to be two different instances.
Thanks, Ade_23...
But, inside the fortigate, how do you create anothes SSO instance?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.