Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bwhelan
New Contributor

Created on ‎08-10-2023 09:07 AM

Multiple authentication methods for SSL VPN

We currently have an SSL VPN configured for clients leveraging LDAP for authentication. We would like to move to Google SAML SSO for authentication, but need to test the configuration before disrupting current VPN clients. Is it possible to operate with both authentication methods active on a single Fortigate? Or should we schedule some VPN downtime to tinker with the Google SAML SSO config?

 

We are currently running FortiOS v7.2 Thanks in advance for any assistance.

Labels:
1144
0 Kudos
3 REPLIES 3
dbu
Staff
Staff

Created on ‎08-10-2023 09:27 AM

Hello @bwhelan 
Thank you for reaching out.


I believe it is possible. 

Please have a look here for more information: 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Fortinet-SSL-VPN-with-G-Suite-MFA-using-SA...
https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/226712/saml-2-0-fsso-with-fortiauthentic...
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/724772/ssl-vpn-multi-realm

Regards

 

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
1133
0 Kudos
pgautam
Staff
Staff

Created on ‎08-10-2023 09:38 AM

Hi @bwhelan 

 

Thank you for posting your query.

Yes, it is possible. The user will be redirected to the SAML IDP when you will enable the SAML setting in Forticlient post configuring the SAML configuration on FortiGate.

 

saml.PNG

 

For configuration please the links shared by @dbu .

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution

 

1128
0 Kudos
mpeddalla
Staff
Staff

Created on ‎08-10-2023 01:17 PM

Hello @bwhelan 

 

Hope you are doing well.

Yes, it is possible you can create and add the saml sso of google on the firewall and create realm on Fortigate so that you can have individual groups and authentication methods.

 

Example:

You can create realm portal for each user group and test between LDAP and SAML authentication methods.

 

refer to the article for the steps:

SAML authentication:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Fortinet-SSL-VPN-with-G-Suite-MFA-using-SA...

 

-As suggested earlier by Priyanka please configure on ssl vpn different connection to save the credentials of the test user.

 

Let us know if these steps helped or not.

 

Regards,

Manasa

Realm:

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/724772/ssl-vpn-multi-realm

 

 

 

Manasa
1109
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.