FortiManager SSO account can't delete/authorize a device but local account with the same profile can
Hi,
We have recently enabled SSO SAML Authentication on our FortiManager and FortiAnalyzer (Firmware 7.2.2) and we have managed to make it work. Logins are successful and SSO SAML users are getting the correct Admin Profile, however they get error messages when they try to Authorize a new device or delete current device in FortiManager. When I am using a local admin account with the same Admin profile, it can authorize and delete devices with no issues.
Labels: FortiManager
Hello KK,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
What system is acting as the SAML IdP? Is this FortiCloud IAM stuff? Azure AD?
How are you confirming users are getting the correct Admin Profile?
Graham
Hello,
Same behavior here.
It seems this occurs since the last upgrade.
We have been using SSO SAML for several weeks with no issues.
Since the last upgrade (FortiGate to 7.2.4 due to the last CVE, and FortiManager to 7.2.2) SSO admins cannot refresh devices, the re-install of policies fails too, etc.
Tried to delete the user and reconnect with no effect.
Regards,
Teddy
Having similar issues with SAML login to FortiManager (Azure AD as the IdP). Admins are super users and can do most functions (create/edit policy, add users/devices, etc.), but some functions just don't work. For example, when attempting to create a VPN template I get "no workspace permission" even though I have a valid workspace session. Also cannot edit scripts. Local logins work fine. Admittedly an older version of FM (7.0.2).
Same issues. Are there any updates on this?
Hello,
Please review the output from the following debug commands (CLI, under a local admin):
diagnose debug application authd 255
diagnose debug enable
Then try to log in with the user that has the problem. Also, please review the profile that is related to this user and whether the JSON API is allowed or not.
To stop it:
d de dis
d de reset
