Hey guys
We are looking for a VPN solution for our Azure AD joined notebooks. We have configured Hello for Business and log in with Face-ID or PIN. Is the FortiClient able to connect the VPN with SAML and without user interaction (Usertunnel)?
We would have a Conditional Access Policy in AAD to make sure that only compliant devices and MFA are allowed to use SAML.
Thanks for your help on this.
Best regards
Marc
Hi Marc,
I don't think FortiClient knows about Windows Hello. SAML will additionally need a password to use; it won't be able to use whatever keystore Windows Hello stores its stuff against (nothing should be able to read that).
Best regards,
Markus
Hi Markus
We also tested the Netmotion Mobility Client, which is able to accomplish this: login with SAML to AAD with Hello for Business with zero user action required. So we were looking for that for the FortiClient.
But thanks for your help.
Best regards
Marc
Are you sure a VPN is the best solution? It seems to me that you need to consult with professionals who can advise you on more secure methods of logging into Windows.
Hello,
I prefer to use this already existing topic instead of opening a new one.
Much like @mkuhn79, we are setting up Windows Hello for Business for all our users. We already use FortiClient to connect via SSL VPN, but using an LDAP connection (asking once again for the user password).
We now plan to make them use 2FA (via Windows Hello for Business mainly) to connect to the VPN. SAML configuration works with my test users, but I can only connect to my Azure account using password + 2FA (SMS or authenticator). I don't understand why the Windows Hello for Business option is not even shown. I tried to use SAML for SSO on other apps, and it works just fine with Windows Hello for Business.
Is there something missing in the Fortinet configuration I could have missed?
Pardon my English, thanks in advance for any answer.
Regards,
Florian