FXE_FTNT
New Contributor II

FGT SSL VPN with Microsoft Authenticator

Hi Guys,

 

Is it possible to directly integrate the on-premise FortiGate with SSL VPN use case to my Microsoft Authenticator to be my 2FA mechanism? Or, should I use a RADIUS server like FortiAuthenticator where the FortiAuthenticator will be the integration point of my FGT, AD, and Microsoft Authenticator? Thank you.

 

Thanks

2 Solutions
ozkanaltas
Valued Contributor III

Hello @FXE_FTNT ,

 

If you use Azure AD, you can use Microsoft Authenticator with SAML integration directly. But if you want to use RADIUS, you need to integrate FortiGate into NPS.

 

You can review these documents.

 

https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/azure-administration-guide/517582/co...

 

https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-nps-extension

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

FXE_FTNT
New Contributor II

Hi @ozkanaltas , thank you so much for your help.

About the FortiGate SSL VPN app in Azure, I saw it in this tutorial and I am not sure what the purpose of it is. https://www.youtube.com/watch?v=nDH2wvveLrI


11 Replies
FXE_FTNT
New Contributor II

Thanks again for the help @ozkanaltas 

justenglabs1
New Contributor III

I am a month late on this thread, but I am wondering if anyone has built this and is comfortable with this in production? I worked through this with a customer. We had FGTs, FAC and Azure. We went through the process of configuring Azure as the SAML IdP and interconnected it to FAC configured as an SP. We got it functioning, but it was limited and it had issues. In order to do this, you need to be working with FortiClient 7.2.x and even with that it is not 100%. You can confirm a user auth, but that is about it. TAC said somewhere in the 7.2.x FCT releases more functionality between Azure and Fortinet will be provided. The biggest limitation we saw was not being able to use computer objects in EMS, which was a showstopper.

 

Would rather be in the wilderness