Multiple Azure AD environments and the use of SAML
Is it possible to use the Single Sign On option with SAML for different Azure AD tenants?
Labels: FortiGate
Hello aproost,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hello,
This document just appears:
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial
Could you please tell me if it helps?
Regards,
Our idea is that we have two or more SAML SSO (Azure AD) in one FortiGate.
One SAML SSO is working well. But can you create two or more in one device?
We have a FortiGate in our DC, and multiple companies are using FortiClient now. But we want to use the Azure AD SAML option. So there will be multiple SSO SAML in the FortiGate.
Created on 11-07-2022 08:24 AM Edited on 11-07-2022 08:27 AM
Hey aproost,
Have a look at this KB; this seems to roughly be what you're looking for?
Another KB that explains SSLVPN realms and SAML authentication in greater detail (but is with only one IDP):
https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/3992
As an alternative, if you're going to have multiple companies pass traffic through one FortiGate, you could consider VDOMs, and do VPN and SAML auth on a per-vdom basis.
Hi @Debbie_FTNT,
So if I have 3 VDOMs, I can set up the 1st VDOM to use Azure MFA, the 2nd VDOM to use FortiAuthenticator and the 3rd VDOM to use only local authentication?
I can decide how to authenticate on a per-VDOM basis?
Dear @Maerre,
Yes, you can do as you said, because you will specify for each VDOM its own source of users.