Vanja98
New Contributor

FortiGate IKEv2 + SAML (Microsoft Entra ID) — “Firewall Authentication Failed” after MFA

Hello everyone,

 

We’re looking for guidance on an issue with FortiGate IKEv2 + SAML (Microsoft Entra ID). Below are the key details and symptoms.

 

Environment

Appliance: FortiGate 201G

FortiOS: v7.6.4 build3596 (Feature)

 

Symptoms

FortiClient opens the Microsoft Entra sign-in page and we receive the MFA push.

After approving MFA, the client returns “Firewall Authentication Failed.”

We are not able to access the ACS URL from the web. We get “This page can’t be reached.”

 

What we did

We followed the community article for Microsoft Entra ID SAML with FortiGate IPsec (IKEv2) and Fortinet’s official IPsec+SAML guide step by step, but the issue persists.

 

[Attached screenshot: Firewall auth failed.jpg]

 

Note: Before switching, we were using RADIUS for authentication and it was working.

 

Any advice on additional checks or known caveats with FortiOS 7.6.4 for IKEv2 + SAML would be appreciated. Thank you!

1 Solution
funkylicious
SuperUser

"jack of all trades, master of none"
Vanja98

Thank you for the quick help—your guidance did the trick. We’re authenticating successfully now.
