Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Lokelund
New Contributor

Created on ‎12-17-2021 01:43 AM

Identity based security policy

  • Hi. I am trying to setup identity based firewall policies for my company. The goal is to have a policy that only allows IT staff to reach our company azure tenant and our customers tenants, currently there is a policy that allows the whole company to basically egress the VPN tunnel interface to the tenants.

As the company has moved away from an on prem AD, i cant set up a FSSO to poll any DC for users to authenticate. So what I am wondering, is there a way to do this with either AZ AD or possibly certificates?

If anybody could shed some light on the best path to pursue to accomplish this goal and/or possibly give me a link to some useful resources I would much appreciate it. Thanks :)

Labels:
4569
0 Kudos
2 REPLIES 2
xsilver_FTNT
Staff
Staff

Created on ‎12-17-2021 02:51 AM

Hi,

how about SAML ?

With FortiGate:
https://docs.fortinet.com/document/fortigate/6.4.8/administration-guide/33053/outbound-firewall-auth...

Through FortiAuthenticator:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/cookbook/362779/saml-authentication

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

4518
Lokelund
New Contributor

Created on ‎12-19-2021 12:09 PM

Thank you for the reply! Will look into it :)

4500
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.