Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nwt
New Contributor II

Multiple Web Portals with SAML MFA

We have an existing web portal for Maintenance to use when accessing/controlling HVAC equipment. I have Duo auth set up so that users in the Duo group (Radius) get Duo Auth/Tunnel Mode and Maintenance users (LDAP) still get their portal, but I don't know if it's possible to deploy Duo to that other group and still allow them their current web portal.

 

Do I just do 

config user saml

and make another user for Maintenance and add it to another firewall group that I map to their web portal?

2 REPLIES 2
johnathan
Staff
Staff

Just wanna confirm, for the existing group you currently have is using Duo via RADIUS? Then the new group for Maintenance  will be SAML? In this case yeah it would be fine. The regular non SAML users will sign in as normal on the Web Portal, but the Maintenance people will click 'Single Sign On' and be directed to the IDP.

"Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth."
hbac
Staff
Staff

Hi @nwt,

 

To map the same group to different portals, you need to create a new realm. Please refer to https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/724772/ssl-vpn-multi-realm

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors