FortiGate SSL VPN with Azure AD SAML/SSO MFA configuration
I currently set up a test group for SAML login via Azure AD over SSL VPN.
So the problem is, when I use "Use external browser for login" I am immediately connecting to the tunnel without any further authentication. I guess that's because my browser is remembering my Microsoft session almost forever. And when I use the default setup (login window in FortiClient) it is always asking for username, password and MFA.
The question is: How can I configure MFA login in the SSL VPN application only asking for Authenticator confirmation or any other 2nd factor without asking for username and password, because username and password are already confirmed with the Windows login on the endpoint?
I also tried several conditional access configurations, but nothing seems to fit to really improve users' quality of life while keeping security on a high level.