We’ve been authenticating our VPN on prem. I’m interested in changing it to SAML via Azure, but had a few questions. First, we have multiple locations, but for the most part each one are different groups. People at location B won’t VPN to location A or C or D. Do you use a different enterprise application in Azure for each site, or one app for all and manage access after the connection?
Second, our devices are all Azure joined and Intune enrolled. What is the user experience like while connecting? Does SSO kick in and reduce login prompts at all? This would be a huge benefit.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi yang121,
You can use the same enterprise application for all 3 locations/firewalls.
On Azure side, all the 3 groups should be allowed to connect.
You will filter/restrict the groups on each firewall.
config user group
edit "AzureGroup"
set member "Azuresaml"
config match
edit 1
set server-name "Azuresaml"
set group-name "azuregroupidA"
next
end
next
Only members of azuregroupidA can connect to this firewall.
This should work fine as long as the users aren't members of all 3 groups at once.
Regarding Intune, I didn't test that yet and I don't have an answer.
Maybe another member of the community could answer that.
Otherwise, I'll see if I can some back with a response in the next few days.
Hi,
But you specify the Fortigates IP/DNS in the Enterprise application under "Basic SAML configuration". So I guess you need to have one Enterprise application per Fortigate that authenticates SAML users?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.