Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FXE_FTNT
New Contributor II

Created on ‎01-18-2024 11:28 PM Edited on ‎02-26-2024 03:33 AM By Community Manager

FGT SSL VPN with Microsoft Authenticator

Hi Guys,

 

Is it possible to directly integrate the on-premise FortiGate with SSL VPN use case to my Microsoft Authenticator to be my 2FA mechanism? Or, should I use a RADIUS server like FortiAuthenticator where the FortiAuthenticator will be the integration point of my FGT, AD, and Microsoft Authenticator? Thank you.

 

Thanks

22144
2 Solutions
ozkanaltas
Valued Contributor III

Created on ‎01-19-2024 12:30 AM

Hello @FXE_FTNT ,

 

If you use Azure AD, you can use Microsoft Authenticator with SAML integration directly. But if you want to use Radius, you need to integrate Fortigate into NPS.

 

You can review these documents.

 

https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/azure-administration-guide/517582/co...

 

https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
22130
FXE_FTNT
New Contributor II
In response to ozkanaltas

Created on ‎01-19-2024 01:15 AM

Hi @ozkanaltas , thank you so much for your help.

About the FortiGate SSL VPN app in Azure, I saw it in this tutorial and I am not sure what is the purpose of it. https://www.youtube.com/watch?v=nDH2wvveLrI

View solution in original post

22098
0 Kudos
11 REPLIES 11
FXE_FTNT
New Contributor II
In response to ozkanaltas

Created on ‎01-19-2024 01:40 AM

Thanks again for the help @ozkanaltas 

2946
justenglabs1
New Contributor III

Created on ‎02-28-2024 09:01 AM

I am a month late on this thread, but I am wondering if anyone has built this and is comfortable with this in production?  I worked through this with a customer.  We had FGT's, FAC and Azure.  We went through the process of configuring Azure as the SAML Idp and interconnected it to FAC configured as an Sp.  We got it functioning, but it was limited and it had issues.  In order to do this, you need to be working with FortiClient 7.2.x and even with that it is not 100%.  You can confirm a user auth, but that is about it.  TAC said somewhere in the 7.2.x FCT releases more functionality between Azure and Fortinet will be provided.  The biggest limitation we saw was not being able to use computer objects in EMS which was a show stopper.

 

Would rather be in the wilderness
Would rather be in the wilderness
2833
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.