Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

FortiClient - SAML Login with Azure MFA

Hello People,

I would need assistance with configuring SAML for FortiClient's.

Already created it on one FortiGate and tested it with one user, work's perfectly.

Now the question is how would I do it for Production where we have 4 branch offices:

  • We have  4 SSL-VPN Tunnels, to the HQ and Secondary Branch Office (Main and Failover WAN Connections)
  • In Azure Enterprise Applications > FortiGate SSL VPN > SAML configuration > I just add multiple tunnels in configurations?
  • How to approach creating same configurations across FortiGate's, do I need to do it manually or I can just push it via FortiManager?
  • Groups are not available for assignment since we don't have the right plan in Azure. I need to assign users individually.

    Did somebody of you already configure this and what was your approach?

Hi @Infotech22 ,


- You can first try to push SAML config it to one FortiGate, if that works fine push it to another devices. And about the SSL VPN config you can do it manually if the interface it's listening to, [port and IP] are different across the devices. if you want to keep the group name same as other device you can push that from FortiManager and also the policy package.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors