We have set up our Fortigate 80F to connect to our AzureAD. All seems to work fine, but users are immediately logged out after the credentials are checked.
So whether we connect through the web interface or the FortiClient software, we fill in the credentials of the user.
The login is validated and immediately we get 'Microsoft: You've signed out of your account.'
Followed by a 'Session ended' screen from the Fortigate.
I have followed all steps here: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial#config...
But I seem to have missed something. Anyone any idea?
Created on 10-18-2022 07:24 AM
Hello
Normally we would need debug to be able to provide a solution, but I would first recommend rechecking the setup, since this is a new configuration which never worked before:
So please refer to these complete step-by-step guides
1)
2) https://yura.stryi.com/en/2021-03-05/fortigate-ssl-vpn-azure-mfa/
After checking the configuration, I would kindly ask you to run the following debugs, and try to reproduce the issue:
diag debug reset
diag debug console timestamp enable
diag debug app samld -1
diag debug app sslvpn -1
diag debug enable
Please also note the username used in the test, which group should the user be a member of and which SSLVPN portal you expect the user to be mapped to.
Also please refer to the last session on this article for the most common issues and misconfigs
Please let us know the outcome and if the issue still persists
Regards
Edvin.
Hi,
Thanks so much for the links. I have figured out what I did wrong.
For some reason the tut I had, set the config user group
FortiGateAccess/config match/edit 0 to 1.
And for Group-name <Group Object id>, I accidentally set my tenantID. That would explain it all.
Cheers!
Created on 10-19-2022 03:04 AM
Hi
That's great to hear
Thanks for sharing the fix and enriching our knowledge sharing community
Cheers!
Edvin.
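The misconfiguration described in this thread (a tenant ID entered where the group Object ID belongs) can be checked against a captured SAML assertion. The following is an added example, not part of the original posts or of Fortinet's tooling; it assumes you have the decoded assertion XML, that the group claim is named `group`, and it uses constructed GUIDs:

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: all GUIDs and the user name are made up.
# The claim name "group" is an assumption; use whatever your IdP is configured to send.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.windows.net/11111111-1111-1111-1111-111111111111/</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="group">
      <saml:AttributeValue>22222222-2222-2222-2222-222222222222</saml:AttributeValue>
      <saml:AttributeValue>33333333-3333-3333-3333-333333333333</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_group_name(assertion_xml, configured_group_name, group_attr="group"):
    """Compare the firewall's configured group-name with the assertion's group claim."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext(".//saml:Issuer", default="", namespaces=NS).strip()
    # Azure AD issuers have the form https://sts.windows.net/<tenant-id>/
    tenant_id = issuer.rstrip("/").rsplit("/", 1)[-1].lower()
    groups = {
        (value.text or "").strip().lower()
        for attr in root.iterfind(".//saml:Attribute", NS)
        if attr.get("Name") == group_attr
        for value in attr.iterfind("saml:AttributeValue", NS)
    }
    wanted = configured_group_name.strip().lower()
    if wanted in groups:
        return "match"
    if wanted == tenant_id:
        return "tenant-id-used-as-group"  # the mistake reported in this thread
    if not groups:
        return "no-group-claim"  # claim missing or named differently
    return "group-not-in-assertion"


if __name__ == "__main__":
    for candidate in ("22222222-2222-2222-2222-222222222222",
                      "11111111-1111-1111-1111-111111111111"):
        print(candidate, "->", check_group_name(SAMPLE_ASSERTION, candidate))
```
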