gllgeorgiev1
New Contributor II

FortiManager Azure SAML multiple FortiGates

Hello,

We have a bunch of FortiGates which are acting as SSL VPN hubs, and we use Azure SSO for users' authentication. So far so good, but recently we bought FortiManager for managing those firewalls, and basically I want to create a single Policy Block which will contain all SSL VPN policies for all resources, so the users can connect to the nearest FortiGate and have the same access on whatever FortiGate they connect to. But the issue I am facing is related to the Azure SAML configuration and the impossibility of using a single group object ID (retrieved from Azure AAD) which can be applied to all FortiGates...
Please suggest how I can fix this without having separate policies for every single firewall, where, when a change is needed, I need to change the respective policy on all devices.

Anthony_E
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
pminarik
Staff

Can you clarify what you mean by "single group object ID"?

As far as I know, individual user groups in Azure ID have their own unique group IDs, but those are static. But maybe that's not what you meant.

[ corrections always welcome ]
turhost
New Contributor II

To resolve your issue with using Azure SAML authentication across multiple FortiGates managed by FortiManager, ensure that all FortiGate devices are registered with FortiManager and configured with the same Azure AD group object ID. You can configure a centralized SAML authentication profile on each FortiGate device to map to the same Azure AD group. By managing SSL VPN policies through FortiManager, you can create a single, unified policy that applies to all FortiGates, eliminating the need for separate policies on each device. This setup will allow users to authenticate via Azure SSO and access the nearest FortiGate firewall with the same policy in place. For more guidance and support, visit turhost.co for reliable hosting services.

gllgeorgiev1
New Contributor II

Hello guys, I figured it out: I am creating a common Azure SAML server configuration on the FortiManager and I put per-device mappings for every firewall inside it.
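As an added illustration of what the common object plus per-device mapping resolves to on each hub (this is not the poster's configuration, and it assumes standard FortiOS `config user saml` / `config user group` CLI syntax, with the tenant ID, hub hostname and Azure group object ID as placeholders), the IdP side and the group match stay identical on every FortiGate, while only the SP-side entity ID and URLs differ per device:

```fortios
config user saml
    edit "azure-sso"
        # Common to all hubs: the Azure AD tenant acting as IdP (placeholder tenant ID)
        set idp-entity-id "https://sts.windows.net/<TENANT-ID-PLACEHOLDER>/"
        set idp-single-sign-on-url "https://login.microsoftonline.com/<TENANT-ID-PLACEHOLDER>/saml2"
        set idp-single-logout-url "https://login.microsoftonline.com/<TENANT-ID-PLACEHOLDER>/saml2"
        set idp-cert "REMOTE_Cert_1"
        set user-name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        set group-name "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
        # Per-device: the SP identity of this particular hub (placeholder hostname);
        # this is the part the FortiManager per-device mapping overrides per FortiGate
        set entity-id "https://vpn-hub1.example.com/remote/saml/metadata/"
        set single-sign-on-url "https://vpn-hub1.example.com/remote/saml/login/"
        set single-logout-url "https://vpn-hub1.example.com/remote/saml/logout/"
        set cert "Fortinet_Factory"
    next
end
config user group
    edit "Azure-VPN-Users"
        set member "azure-sso"
        config match
            edit 1
                # Same Azure AD group object ID on every hub (placeholder value),
                # so one group object can be referenced by the shared policy block
                set server-name "azure-sso"
                set group-name "<AZURE-GROUP-OBJECT-ID-PLACEHOLDER>"
            next
        end
    next
end
```

Because the group match keys on the Azure object ID rather than on anything device-specific, a single SSL VPN policy referencing "Azure-VPN-Users" is valid on every hub once the per-device SP values are mapped.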
