Maerre
New Contributor III

Integrate Fortigate with Azure AD and FortiAuthenticator

Hello,

I am in the process of starting a project that will need to evaluate the integration of FortiGate, FortiAuthenticator, AD and Azure AD.

Specifically, I wanted to know if you had any experience and to ask if it is possible to do the following:

- SSL-VPN access via Azure MFA authentication (I have seen some docs and it is feasible)

- replacement of the LDAP synchronization currently used in FortiAuthenticator with Azure AD (can both AD and Azure AD be used in parallel?)

- replacement of the FSSO (LDAP-based) functionality currently used in the FortiGate with the Azure AD-based FSSO functionality

- possible coexistence of the different authentication mechanisms

 

Thank you

Regards

 

Anthony_E
Community Manager

Hello Maerre,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Maerre
New Contributor III

Hello @Anthony_E ,

 

Just to give you an update: I've terminated all the tasks, but I was asked these questions:

 

It seems that it is not possible to census the individual user, but it is necessary to put them in a specific group on the Azure AD side in order to manage SSO?
In this case I am wondering if it is possible to have a timeout for SSO disconnection.
For example, if the computer is used by multiple people and therefore the OS has multiple user profiles, how does this work?
If another user logs in from another profile, is a second SSO authentication requested, or does the session of another previously logged-in user remain active (since the association is IP-based only)?

Regarding the captive portal for SSO authentication: is it possible to use the same endpoint to log in with SSO from different subnets/interfaces?
This is to avoid having to create, for each subnet, a dedicated app on Azure AD and then an SSO object and SSO group for each.

I didn't find any answer in the official doc.

 

thank you 

bye

 

 

Anthony_E
Community Manager

Hello Maerre,

 

Thanks a lot for your update!

I will let our engineers reply to your question.

 

Regards,

 

 

Anthony-Fortinet Community Team.