Fortiauthenticator SAML authentication

Alex1 · ‎12-23-2022

Hi team,

I am trying to set up two-factor authentication using SAML for my ZTNA server. I am using Fortigate as the SP SAML and Fortiauthenticator as the SAML idP. The private address of my Fortiauthenticator is 10.1.1.2. The same ip address I use as the SAML idP.
I configured the VIP to Fortigate VIP 172.172.172.172:11443->10.1.1.2:443 so that the client can access the SAML idP from the internet. When I try to connect from the internet, I get to the Fortiauthenticator login page and not the SAML idP authorization page.

Can I use the same IP address 10.1.1.2 for Fortiauthenticator, both the management IP and the SAML idP?

FortiAuthenticator FortiGate #SAML #ZTNA

RickSanchez

Anonymous · ‎12-23-2022

Hello

What you have configured is basically a port forward to FAC , so when you hit it from outside it will lead to the FAC login page

Can you clarify your end objective further, so you want to administer fgt via saml auth ?

If yes please cross-check with the guide for admin firewall SAML auth

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Configuring-SAML-SSO-login-for-Fo...

Technical Tip: FortiGate SAML authentication resource list

Alex1 · ‎12-23-2022

Hi,

@Anonymous I want two-factor authentication using Fortiauthenticator to access the ZTNA 10.1.2.2 server. But instead of https://172.172.172.172:11443/saml-idp/portal/ I get to https://172.172.172.172:11443/login/?next=/, which is the Fortiauthenticator login page

I am trying to implement this scenario https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/259754/ztna-access-proxy-with-saml-and-mfa-using-fortiauthenticator-example

RickSanchez

Fortiauthenticator SAML authentication

Nominate a Forum Post for Knowledge Article Creation