aproost
New Contributor

Multiple Azure AD environments and the use of SAML

Is it possible to use the Single Sign On option with SAML for different Azure AD tenants?

Anthony_E
Community Manager

Hello aproost,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

This document just appears:

https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial

Could you please tell me if it helps?

Regards,

Anthony-Fortinet Community Team.
aproost
New Contributor

Our idea is that we have two or more SAML SSO (Azure AD) configurations in one FortiGate.

One SAML SSO is working well. But can you create two or more in one device?

We have a FortiGate in our DC and multiple companies are using FortiClient now. But we wanna use the Azure AD SAML option. So there will be multiple SSO SAML configurations in the FortiGate.

Debbie_FTNT

Hey aproost,

have a look at this KB; this seems to roughly be what you're looking for?

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-with-SAML-authentication-with-mult...

Another KB that explains SSLVPN realms and SAML authentication in greater detail (but is with only one IDP):
https://community.fortinet.com/t5/tkb/articleprintpage/tkb-id/TKB20/article-id/3992

As an alternative, if you're going to have multiple companies pass traffic through one FortiGate, you could consider VDOMs, and do VPN and SAML auth on a per-vdom basis.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
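A FortiOS CLI sketch of the multi-realm approach described in the reply above, added here as an example (it is not from the KB or from anyone in the thread): one SAML object per Azure AD tenant, each bound to its own SSL VPN realm and user group. The FQDN vpn.example.com, the realm, group and certificate names, and the <TENANT-x-ID> placeholders are assumptions; the realm-prefixed SP URLs follow the pattern used for realm-based SAML and should be checked against the KB for your FortiOS version.

```fortios
# Added example: two Azure AD tenants, each on its own SSL VPN realm (names assumed).
config vpn ssl web realm
    edit "companya"
    next
    edit "companyb"
    next
end
# SP URLs carry the realm name so each tenant's Azure AD app returns to its own realm.
config user saml
    edit "saml-companya"
        set entity-id "https://vpn.example.com:443/companya/remote/saml/metadata/"
        set single-sign-on-url "https://vpn.example.com:443/companya/remote/saml/login/"
        set idp-entity-id "https://sts.windows.net/<TENANT-A-ID>/"
        set idp-single-sign-on-url "https://login.microsoftonline.com/<TENANT-A-ID>/saml2"
        set idp-cert "AzureAD-CompanyA-Cert"
        set user-name "username"
        set group-name "group"
    next
    edit "saml-companyb"
        set entity-id "https://vpn.example.com:443/companyb/remote/saml/metadata/"
        set single-sign-on-url "https://vpn.example.com:443/companyb/remote/saml/login/"
        set idp-entity-id "https://sts.windows.net/<TENANT-B-ID>/"
        set idp-single-sign-on-url "https://login.microsoftonline.com/<TENANT-B-ID>/saml2"
        set idp-cert "AzureAD-CompanyB-Cert"
        set user-name "username"
        set group-name "group"
    next
end
config user group
    edit "grp-companya"
        set member "saml-companya"
    next
    edit "grp-companyb"
        set member "saml-companyb"
    next
end
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "grp-companya"
            set portal "full-access"
            set realm "companya"
        next
        edit 2
            set groups "grp-companyb"
            set portal "full-access"
            set realm "companyb"
        next
    end
end
```

Because each tenant lands in its own group, firewall policies can stay separate per company; a user from tenant A presenting an assertion to realm B simply fails to match that realm's IdP certificate and entity ID.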
Maerre
New Contributor III

Hi @Debbie_FTNT ,

So if I have 3 VDOMs, I can set up the 1st VDOM to use Azure MFA, the 2nd VDOM to use FortiAuthenticator and the 3rd VDOM to use only local authentication?

I can decide how to authenticate on a per-VDOM basis?

akanibek

Dear @Maerre ,

Yes, you can do as you said, because you will specify for each VDOM its own source of users.
