Hey,
i currently set up a test group for SAML login via Azure AD over SSL VPN.
So the problem is, when i use "Use external browser for login" i am immediatly connecting to the tunnel without any further authentication. I guess thats because my browser is remembering my microsoft session almost forever. And when i use the default setup (login window in FortiClient) it is always asking for username, password and MFA.
The question is: How can i configure MFA login in the SSL VPN application only asking for Authenticator confirmation oder any other 2nd factor without asking for username and password because username and password is already confirmed with the windows login on the endpoint.
I also tried several conditional access configurations but nothing seems to fit to really improve users quality of life while keeping security on a high level.
Any suggestions here? Whats the way to go?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @yunnun,
I don't think it is possible to bypass the first factor authentication as the FortiClient will redirect the user to SAML authentication URL once users try to connect.
Regards,
Hi there,
I believe that SAML is not supported as of now for Window before logon feature so there is no way to by pass the username and password part.
For the caching issue, please refer to this document for more detail "https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiClient-Caching-SSL-VPN-SAML-Authentic...
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.