Hello.
We'd like to configure our FortiAuthenticator as a SAML IdP. The first authentication factor is the password from AD. We've tested several OTP options (FortiToken, SMS, email, etc.) and they work fine, but we'd like to use another second factor: a client certificate. We've used a local CA or a remote CA, and we've configured "certificate bindings" under the user configuration, but when the SAML web page is shown, it only asks for username and password, and it doesn't prompt to choose a certificate.
Does anyone know if it's possible to configure 2FA with AD password and user certificate?
Thank you!
Hello Tony,
Unfortunately this is not supported yet, even if you set certificate bindings on the user. This currently can only work for RADIUS. The only second factor under SAML can be:
Best regards,
Lazar
Hello tonyagustin,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello tonyagustin,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
As far as I am aware, this is not currently supported.
Certificate bindings are used only for EAP-TLS authentication; the SAML IdP currently doesn't support client-certificate verification. You'll need a new feature request for this.
Thank you all for your answers!
Dear Sir,
If you don't mind, please share the steps I need to configure Authenticator using SAML to log in to OWA Microsoft Exchange.
Thanks for your support
Did MFA work for Exchange ActiveSync and Anywhere?
 
					
				
				
			
		
Copyright 2025 Fortinet, Inc. All Rights Reserved.