We are going to be joining a lot of our devices to InTune.
I wonder whether anyone has any hints on getting details of the logged in user from these devices to be used by the Fortigate.
Particularly in a 'shared device scenario' - we have cabinets full of laptops and iPads that are handed out to students.
Cheers
Jon
How about something usually called BYOD .. so allow any device on your network and communication from it to some protected resources ONLY when the user on that device can authenticate somehow.
So alternatives to investigate are:
- FortiNAC, for complete network access control
- 802.1X port based authentication everywhere
- RSSO, so users will auth with their AD account when they log in to WiFi and the WLC will send RADIUS accounting to either FortiGate, or a standalone Collector Agent, or FortiAuthenticator, which can make an FSSO-like record from the RADIUS data and verified AD group membership.
- if all users will authenticate towards some MSFT domain, then even something like FSSO should work
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
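The RSSO option in the reply above depends on RADIUS accounting packets being turned into user-to-IP records. As an added example (not part of the original post and not Fortinet code), this sketch parses an RFC 2866 Accounting-Request and verifies its Request Authenticator before trusting the mapping; the user name, IP address and shared secret used with it are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code (RFC 2866)
USER_NAME, FRAMED_IP, ACCT_STATUS_TYPE = 1, 8, 40  # attribute types
STATUS = {1: "start", 2: "stop", 3: "interim-update"}


def _authenticator(header4: bytes, attrs: bytes, secret: bytes) -> bytes:
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header4 + bytes(16) + attrs + secret).digest()


def build_accounting(ident, user, ip, status, secret):
    """Construct a sample Accounting-Request (stands in for the WLC; test input only)."""
    attrs = b""
    for typ, val in ((USER_NAME, user.encode()),
                     (FRAMED_IP, ipaddress.IPv4Address(ip).packed),
                     (ACCT_STATUS_TYPE, struct.pack("!I", status))):
        attrs += bytes([typ, len(val) + 2]) + val
    header4 = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header4 + _authenticator(header4, attrs, secret) + attrs


def parse_accounting(packet: bytes, secret: bytes) -> dict:
    """Return {'user', 'ip', 'event'} for a valid packet, else raise ValueError."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:length]
    # Reject anything not signed with the shared secret; otherwise a forged
    # packet could bind an arbitrary user name to an IP address.
    if not hmac.compare_digest(packet[4:20], _authenticator(packet[:4], attrs, secret)):
        raise ValueError("bad Request Authenticator")
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if any(t not in found for t in (USER_NAME, FRAMED_IP, ACCT_STATUS_TYPE)) or len(found[FRAMED_IP]) != 4:
        raise ValueError("missing or invalid User-Name, Framed-IP-Address or Acct-Status-Type")
    return {"user": found[USER_NAME].decode("utf-8", "replace"),
            "ip": str(ipaddress.IPv4Address(found[FRAMED_IP])),
            "event": STATUS.get(int.from_bytes(found[ACCT_STATUS_TYPE], "big"), "other")}
```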
What I'm seeking to do is the same as the seamless nature of a login to an AD-joined device that is authenticated to FSSO. The idea being that the user logs into their AAD account on the intuned device, then FG authenticates them based on that.
At present it seems the only option is to web-authenticate the users which is a little pants. There are some potential solutions but the costs are prohibitive for a large education provider.
Those more detailed guides might help I think.
I know that FortiAuthenticator might not be in your scenario.
But it can act as SAML SP (Service Provider) and ask AAD (Azure Active Directory) as SAML IdP (Identity Provider) to authenticate users and do SSO.
Direct link to how to guide. But there is more than this one documented.
https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/316341/saml-fsso-with-fortiauth...
Similar SAML SSO connectivity on FortiGate
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/33053/outbound-firewall-auth...
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Hi Jon,
I wanted to ask if you got anywhere with this issue. I am facing a similar problem, after moving from on prem Windows AD to Azure AD and using Intune we have been left without the ability to properly authenticate users through our FG.
Any thoughts or advice from anyone would be much appreciated.
Thanks
Alas no - how about you?
If you have an outline of your setup then perhaps that would extend the conversation?
What we're talking about is InTune only setup, no hybrid joins to local AD etc.
Without substantial additional infrastructure it appears that your only option is a web-authentication, nothing similar to the seamless nature of FSSO/FSAE etc.
We have a similar situation: we want to get devices only joined with AAD, pure Intune Cloud, no AD. And we don't have an EMS license. Did you find a solution? Or do you know another way to sync devices only connected to Intune?