Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nyctelecom
New Contributor

FortiClient & Microsoft Azure MFA

Hello, 

 

Can anyone point me to information related to configuring the Forticlient with MS Azure MFA?

 

Thanks!

5 REPLIES 5
ablake
New Contributor

Hey nyctelecom,

 

Do you have a Radius server with the Azure MFA client running on it? if so, all you need to do is create the Radius Server entry on your FortiGate which has to be pointed to the Radius server that is running the Azure MFA client. The Azure Client can be found on your Azure portal; go to "Azure Active Directory >>  MFA >> Server Settings" then click on the "download" link to get the MFA Server client and then click on the "Generate" link to create the activation credentials that will be needed to sync your RADIUS server to Azure MFA.

nyctelecom

Perfect.

 

Thank you!

XavierC

Hello,

I have configured an IpSec tunnel using the Radius authentication with MS Azure MFA, and it works like a charm if I use the phone call, or the notification on the authentication App (Microsoft Authenticator) on my smartphone.

But if I choose another option (SMS or code from authentication App), when I login to the Forticlient with my login/pwd and press "Connect", a new field appears, and it show "Enter your Microsoft verification code". Then I fill the field with the code I have received (SMS or App), but each time the connection fails, with a text box "VPN connection failed. Check network connection..." (translation from French, sorry ;) ).

On my radius server, I see that the NPS extension rejected the connection. It looks like the code is not correctly send from the Forticlient to the Radius server. 

The SMS/App code MFA options work correctly to access to other ressources (ie : webmail, ...)

Any idea of what could be wrong ?

 

bmduncan34
New Contributor III

Excuse me - did you end up resolving this?  I'd like to do the same thing.  

 

Thanks!

jamescarell2021
New Contributor

miniOrange Provide MFA over Forticlient VPN with 15+ MFA methods, You can connect your external Azure AD with miniOrange too. You can follow this step by step guide.
They also offer a 30-day free trial to test the solution. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors