FortiNAC integration with EntraID
Currently I have a typical Active Directory on-prem setup.
1- Persistent Agent gleans the username from the PC.
2- NAC is linked to AD and pulls the group info for the user.
3- NAC sends the group tags to the FortiGate for use in FW policy to limit access for certain groups.
If we move to EntraID (which does not have directory services), how can we keep this design?
Is there any kind of workaround?
Don
I'd look at it from the FortiAuthenticator side to see if it can help.
Edit: I mean you may explore the possibility of putting FAC between FNAC and Entra ID.
This is planned to be added in future FortiNAC releases.
Is it safe to say that until the new feature request becomes available, there is only 1 option to accomplish my firewall tagging requirement: purchase and deploy Entra Domain Services?
Created on 02-14-2025 12:47 AM Edited on 04-25-2025 12:36 AM
Yes, at the moment FortiNAC can use only on-premises AD as a native authentication source for the Persistent Agent, RADIUS or other methods.
Once Entra ID is supported in new FortiNAC releases, it will be able to perform authentication and user/group lookup in Entra ID and use that group membership in policies, etc.
Thanks all!
