Fortimanager Azure Saml multiple Fortigates

gllgeorgiev1 · ‎01-10-2025

Hello,

We have a bunch of Fortigates which are acting as SSL VPN hubs and we use Azure SSO for user's authentication. So far so good, but recently we bought FortiManager for managing those firewalls and basically i want to create a single Policy Block which will contain all SSL VPN policies for all resources, so the users can connect to the nearest Fortigate and have same access to whatever Fortigate they connect. But the issue i am facing is related to Azure SAML configuration and the impossibility to use single group object ID ( retrieved from Azure AAD ) which can be applied to all Fortigates...
Please suggest, how can i fix this, without having separate policies for every single Firewall and when change is needed i need to change the respective policy on all devices

Anthony_E · ‎01-12-2025

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎01-15-2025

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

pminarik · ‎01-15-2025

Can you clarify what you mean by "single group object ID"?

As far as I know, individual user groups in Azure ID have their own unique group IDs, but those are static. But maybe that's not what you meant.

[ corrections always welcome ]

gllgeorgiev1 · ‎01-16-2025

Hello guys, i figured it out - i am creating a common Azure SAML Server configuration on the Fortimanager and i put inside it per-device mappings for every firewall.

Fortimanager Azure Saml multiple Fortigates

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website