Good day,
I am working on a project to move from Domain Joined Windows 11 computers to Microsoft Entra Only Joined computers. I have a FortiGate FGT200F with Firmware 7.X which currently authenticates users via FSSO in the local Windows Domain via LDAP to determine which Web Filter Policies to apply based on their Active Directory group membership.
My test Entra Only joined Windows 11 computers are having issues getting the correct Web Filter Policies from the FortiGate and are ending up going to the Catch-All policies. Does anyone have any experience with how to do authentication with Entra Only Joined computers on a FortiGate?
I have Microsoft Entra Connect Sync Pass-through authentication set up and it is working to authenticate Entra Only computers to the local Active Directory so users can gain access to network resources.
Would I need to create groups in Entra the same as the local Domain groups and authenticate to them? And if so, how is this done?
Thanks
Traditional FSSO doesn't see pure Azure/Entra-joined computers.
There are two general options you can take:
- FSSOMA (...mobility agent) - Needs FortiAuthenticator and FortiClient (FCT can be free). Monitoring user logon sessions is now supported for Entra domains. Under ideal conditions the users will not see any difference. (apart from maybe noticing that FortiClient is now installed :) )
- Captive portals - Captive portal authentication can be configured and supports SAML. Fairly easy to set up, but disruptive to traffic. (HTTP/S redirected to captive portal, other traffic dropped, until user authenticates)