FortiAuthenticator OAUTH - Google Workspace not working
Hello team,
I have been trying to configure FortiAuthenticator as an IDP proxy for Google Workspace for a few days now. Unfortunately, Fortinet only has full documentation on how to do it with Azure, but only half documentation for Google Workspace.
I am stuck at the point where, when I configure my service account in GCP following this procedure https://support.google.com/a/answer/7040511?hl=en&ref_topic=4498019&sjid=3081473869943439631-NA#step...
The SAML groups don't synchronise from Google Workspace to FortiAuthenticator. Does anyone here have a procedure or documents, or know how to make OAuth work between FortiAuthenticator and Google Workspace?
Labels: FortiAuthenticator v5.5
Please refer to the below documentation regarding configuration of the FAC side as SAML IDP with Google Workspace.
Created on ‎01-08-2024 08:32 AM Edited on ‎01-08-2024 08:33 AM
Hello @rbraha ,
I have been following this doc for the last 2 days. This doc is OK for FortiAuthenticator, but it does not help me with the Google Workspace side. The doc does not show how to configure things (SAML, OAuth, service account, attribute mapping) on the Google Workspace side.
Do you have any doc on that?
Please check with Google support whether they can provide some documentation about this configuration.
Hi @rbraha, with all due respect, as a vendor of a product, it is your responsibility to provide guidance on how to integrate with officially supported third-party products mentioned in your documentation and datasheets.
If Fortinet had not mentioned that FortiAuthenticator was officially supported as an IDP proxy with Google Workspace, I would have understood and I would not have expected any documentation. But since it is mentioned officially, I expect complete documentation.
For example, Fortinet made this amazing video on how to configure FortiAuthenticator as an IDP proxy with Azure https://www.youtube.com/watch?v=UymIqkaVRqw&t=301s
This is exactly what I am trying to achieve with Google Workspace. Do you have something similar to this YouTube video that would guide me to configure Google Workspace like it was done for Azure?
Hello,
Do you have any success on this?
I faced the same problem, with no guidance on creating a service account on Google that satisfies the FortiAuthenticator requirement.
Thanks
Yes, it is working now. I found the solution.
You need to connect your FortiAuthenticator with LDAPS to Google Workspace; from there you can sync all your identities. https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/442690/google-workspace-integra...
Once you have that, then you need to configure Workspace as an SP to your FAC that will be the IDP. https://www.ultraviolet.network/post/configuration-guide-fortiauthenticator-as-google-workspace-saml...
From there you can inject your FortiTokens.
