Secure_IT_BE_Nick
New Contributor III

O365 MFA with vpn

Hi

 

I've already spent quite some time trying to figure this out: SSL VPN with O365 as MFA.

 

There are some resources from Fortinet:

https://docs.fortinet.com/document/fortigate/6.2.0/azure-cookbook/584456/configuring-saml-sso-login-...

https://kb.fortinet.com/kb/php/search.do?cmd=displayKC&docType=kc&externalId=FD45699&sliceId=1&docTy...

 

But as with most KBs, it's not 100% clear.

 

First of all, does it work or not?

 

This is somewhat my config:

 

edit "ssl-azure-saml"
    set cert "Fortinet_Factory"
    set entity-id "https://fortigateip/remote/saml/metadata"
    set single-sign-on-url "https://fortigateip/remote/saml/login"
    set single-logout-url "https:/fortigateip/remote/saml/logout"
    set idp-entity-id "https://sts.windows.net/idddddad744f487/"
    set idp-single-sign-on-url "https://login.microsoftonline.com/idddddad744f487/saml2"
    set idp-single-logout-url "https://login.microsoftonline.com/common/wsfederationwa=wsignout1.0"
    set idp-cert "AZURE_FGAUTH"
    set user-name "username" --> tried with and without
next
end

Attached is the Azure AD config.

 

And is the default Office 365 E3 subscription enough? That's also not clear to me.

 

thx for any input!

https://www.secure-it.be
1 REPLY
Radzik
New Contributor

Check this

 

set idp-single-logout-url "https://login.microsoftonline.com/common/wsfederationwa=wsignout1.0"

to

set idp-single-logout-url "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0"

and stay with username :)
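
Added example, not part of the thread and not Fortinet's tooling: a small Python check that parses the `set` lines of a SAML block like the one in the question and flags URL values that are malformed, including the logout URL corrected in the reply. The host and `TENANT-ID` values are placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the settings from the question, with placeholder host/tenant values.
SAMPLE_CONFIG = '''
edit "ssl-azure-saml"
    set entity-id "https://fortigateip/remote/saml/metadata"
    set single-sign-on-url "https://fortigateip/remote/saml/login"
    set single-logout-url "https:/fortigateip/remote/saml/logout"
    set idp-entity-id "https://sts.windows.net/TENANT-ID/"
    set idp-single-sign-on-url "https://login.microsoftonline.com/TENANT-ID/saml2"
    set idp-single-logout-url "https://login.microsoftonline.com/common/wsfederationwa=wsignout1.0"
next
end
'''

SET_LINE = re.compile(r'^\s*set\s+(\S+)\s+"([^"]*)"')

def parse_settings(text):
    """Return {key: value} for every `set key "value"` line."""
    settings = {}
    for line in text.splitlines():
        m = SET_LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def lint_saml_urls(text):
    """Return a list of (key, problem) for URL settings that look malformed."""
    findings = []
    for key, value in parse_settings(text).items():
        if not (key.endswith("-url") or key.endswith("entity-id")):
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            findings.append((key, "scheme is not https"))
        if not parts.netloc:
            findings.append((key, "no host: check for a missing '/' after the scheme"))
        # WS-Federation sign-out: 'wa' must be a query parameter, not part of the path.
        if "wsfederation" in parts.path.lower():
            wa = parse_qs(parts.query).get("wa", [])
            if wa != ["wsignout1.0"]:
                findings.append((key, "missing '?wa=wsignout1.0' query string"))
    return findings

if __name__ == "__main__":
    for key, problem in lint_saml_urls(SAMPLE_CONFIG):
        print(f"{key}: {problem}")
```

On the sample it reports `single-logout-url` (the value has a single `/` after `https:`, so it has no host part) and `idp-single-logout-url` (the missing `?` from the reply).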
