Alex1
New Contributor II

FortiAuthenticator SAML authentication

Hi team,

I am trying to set up two-factor authentication using SAML for my ZTNA server. I am using FortiGate as the SAML SP and FortiAuthenticator as the SAML IdP. The private address of my FortiAuthenticator is 10.1.1.2. I use the same IP address as the SAML IdP.
I configured the VIP on the FortiGate (VIP 172.172.172.172:11443 -> 10.1.1.2:443) so that the client can access the SAML IdP from the internet. When I try to connect from the internet, I get to the FortiAuthenticator login page and not the SAML IdP authorization page.

Can I use the same IP address 10.1.1.2 for FortiAuthenticator as both the management IP and the SAML IdP?

 

[Attached screenshot: Снимок.PNG]

FortiAuthenticator FortiGate #SAML #ZTNA

2 REPLIES
Anonymous
Not applicable

Hello

What you have configured is basically a port forward to FAC, so when you hit it from outside it will lead to the FAC login page.

Can you clarify your end objective further? So you want to administer the FGT via SAML auth?

If yes, please cross-check with the guide for admin firewall SAML auth:

 

https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-Configuring-SAML-SSO-login-for-Fo...

 

Technical Tip: FortiGate SAML authentication resource list

Alex1
New Contributor II

Hi,

@Anonymous I want two-factor authentication using FortiAuthenticator to access the ZTNA 10.1.2.2 server. But instead of https://172.172.172.172:11443/saml-idp/portal/ I get to https://172.172.172.172:11443/login/?next=/, which is the FortiAuthenticator login page.

I am trying to implement this scenario: https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/259754/ztna-access-proxy-with-saml-and-mfa-using-fortiauthenticator-example
