
FortiSASE LDAPS integration with Azure AAD

Hi, I am attempting to configure our FortiSASE solution to talk with the Microsoft Azure/Entra LDAPS service so it can look up Users and Groups. We already have SSO working between FortiSASE and Entra.


We have a private PKI solution in play.

I have set up the Microsoft Entra Domain Services LDAPS service and can connect and browse using LDP.exe and self-signed certificates as per Microsoft documentation.

How do I get FortiSASE to talk to the Microsoft Entra Domain Services LDAPS service? I am unable to use the self-signed certs described in the Microsoft documentation even as a test!

And as I cannot install (or figure out how to) our private PKI root CA and SubCA into Entra, I can't use that either.


All advice welcome on this one!




Hi David, 


Is this the configuration you're trying to achieve: "Searching user groups from Entra ID SSO"? (Pages 126-127)


For this configuration, perhaps it would be better to open a case for follow-up and revise the configuration, SASE and Azure Entra ID.







Pedro Valente

Hi Pedro,

We have SSO working for user authentication using Entra AAD.


Profile – the endpoint profile needs to be matched against an LDAP server (and will not pick this info up from a SAML authentication request).


ZTNA Tagging – The same goes for any tagging objects; these need to be populated with an LDAP query and not a SAML auth request.



From what I gather from many hours playing with this, FortiSASE cannot use the Entra LDAP service. Happy for someone to prove me wrong :)


