Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nwt
New Contributor II

Created on ‎05-07-2024 12:37 PM

Multiple Web Portals with SAML MFA

We have an existing web portal for Maintenance to use when accessing/controlling HVAC equipment. I have Duo auth set up so that users in the Duo group (Radius) get Duo Auth/Tunnel Mode and Maintenance users (LDAP) still get their portal, but I don't know if it's possible to deploy Duo to that other group and still allow them their current web portal.

 

Do I just do 

config user saml

and make another user for Maintenance and add it to another firewall group that I map to their web portal?

Labels:
510
0 Kudos
2 REPLIES 2
johnathan
Staff
Staff

Created on ‎05-07-2024 02:13 PM

Just wanna confirm, for the existing group you currently have is using Duo via RADIUS? Then the new group for Maintenance  will be SAML? In this case yeah it would be fine. The regular non SAML users will sign in as normal on the Web Portal, but the Maintenance people will click 'Single Sign On' and be directed to the IDP.

"Never trust a computer you can't throw out a window."
491
0 Kudos
hbac
Staff
Staff

Created on ‎05-08-2024 09:26 AM

Hi @nwt,

 

To map the same group to different portals, you need to create a new realm. Please refer to https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/724772/ssl-vpn-multi-realm

 

Regards, 

429
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.