Hello,
We have a bunch of FortiGates which are acting as SSL VPN hubs, and we use Azure SSO for user authentication. So far so good, but recently we bought FortiManager for managing those firewalls, and basically I want to create a single Policy Block which will contain all SSL VPN policies for all resources, so the users can connect to the nearest FortiGate and have the same access on whatever FortiGate they connect to. But the issue I am facing is related to the Azure SAML configuration and the impossibility of using a single group object ID (retrieved from Azure AAD) which can be applied to all FortiGates...
Please suggest how I can fix this without having separate policies for every single firewall, where, when a change is needed, I need to change the respective policy on all devices.
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Can you clarify what you mean by "single group object ID"?
As far as I know, individual user groups in Azure ID have their own unique group IDs, but those are static. But maybe that's not what you meant.
To resolve your issue with using Azure SAML authentication across multiple FortiGates managed by FortiManager, ensure that all FortiGate devices are registered with FortiManager and configured with the same Azure AD group object ID. You can configure a centralized SAML authentication profile on each FortiGate device to map to the same Azure AD group. By managing SSL VPN policies through FortiManager, you can create a single, unified policy that applies to all FortiGates, eliminating the need for separate policies on each device. This setup will allow users to authenticate via Azure SSO and access the nearest FortiGate firewall with the same policy in place. For more guidance and support, visit turhost.co for reliable hosting services.
Hello guys, I figured it out - I am creating a common Azure SAML Server configuration on the FortiManager and I put inside it per-device mappings for every firewall.
Copyright 2025 Fortinet, Inc. All Rights Reserved.