Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jsotta
New Contributor

Created on ‎09-24-2024 11:35 PM

FortiNAC Captive Portal using Azure AD authentication thru SSID

Hi, 

I just like to seek a help regarding on my ongoing troubleshoot about using the FortiNAC Captive Portal Login using azure AD athentication. I already follow up this steps but its seems is not working on my end Overview | FortiNAC-F 7.2.0 | Fortinet Document Library . The scenario was if the user wants to connect on Wireless connection user must have their AD account to join on the network. BTW our all product are Fortinet, Fortigate Firewall FortiAP,Fortiswitch, and FortiNAC. 

@ebilcari 

Thank you!

@

.>

Labels:
677
0 Kudos
6 REPLIES 6
amonmi2
New Contributor

Created on ‎09-25-2024 12:16 AM

If pure Azure AD is your goal (not even a virtual DC via Azure AD DS), then AFAIK EAP-TLS with Azure-AD-authed certificate provisioning is your only option if you want native wifi auth. Something like this for example. Otherwise there's always the captive portal approach.

10.0.0.0.1 192.168.1.254
10.0.0.0.1 192.168.1.254
665
0 Kudos
jsotta
New Contributor
In response to amonmi2

Created on ‎09-25-2024 06:21 PM

Hi @amonmi2 , I got your point but we wanted to maximize the use of fortiNAC using thier portal way of authentication.

569
0 Kudos
ebilcari
Staff
Staff

Created on ‎09-25-2024 12:49 AM

This configuration is proven to work normally. What type of issues are you facing, is the portal showing on the end users, can they proceed with Azure login? Which version of FortiNAC are you currently running?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
654
jsotta
New Contributor
In response to ebilcari

Created on ‎09-25-2024 06:09 PM Edited on ‎09-25-2024 06:22 PM

Portal is not showing on the user end. I used open SSID and the optional VLAN is point to the isolated VLAN. The version of FortiNAC is 9.4.4.0767
Screenshot 2024-09-26 090719.png


573
0 Kudos
ebilcari
Staff
Staff
In response to jsotta

Created on ‎09-26-2024 12:47 AM

As a start please follow all the steps covered in this article than after the portal is successfully open in the end host you can continue with portal customization to use Azure AD. As shown in the article, 'Client MAC Address Filtering' and 'Dynamic VLAN assignment' are required in SSID configurations.

 

ebilcari_0-1727336730175.png

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
513
0 Kudos
Hatibi
Staff
Staff
In response to jsotta

Created on ‎09-30-2024 12:27 AM

If the captive portal is not appearing the steps on this article might help:

https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Captive-Portal-is-not-showing-for-Rogue-H...

388
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.