LSI-IT
New Contributor

SAML Auth for FortiClient EMS user verification using Azure AD as IdP

I'm using EMS 7.0.7 and client 7.0.7.

I want to use SAML auth with Azure AD as the IdP when creating an invitation for user verification. I have my AD domains imported. Azure is set up to be the IdP and the test is successful.

If I add the SAML configuration in EMS user management with "None" as the authorization type, I can get it to work using a bulk invitation. If I add the SAML configuration with "LDAP" as the authorization type and assign an imported domain, I get an error on the client when connecting to EMS in zero trust telemetry.


It looks to me like the imported domains are using the sAMAccountName for the users and the SAML configuration is using the UserPrincipalName for the assertion attribute. I'm not sure how to set up the domain identification.

Fortinet does have some documentation on this setup, but it doesn't give a lot of information:

https://docs.fortinet.com/document/forticlient/7.0.7/ems-administration-guide/156283/saml-configurat...


Has anybody set this up and how did you make it work?
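As an added troubleshooting check (not code from the original post, nor from Fortinet or EMS), the following parses a constructed Azure AD-style assertion and tests whether the asserted identifier matches the directory's sAMAccountName or its userPrincipalName, which is the mismatch suspected above. The claim names, sample users and directory records are assumptions, and the second sample user shows why splitting the UPN at "@" to recover a sAMAccountName is not a safe shortcut.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real capture): Azure AD-style claims
# where both the NameID and the "name" claim carry the UserPrincipalName.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@corp.example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>jdoe@corp.example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed stand-in for the imported AD domain. The second user's UPN
# prefix does NOT equal the sAMAccountName, so deriving one from the other
# by string splitting would misidentify the account.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example.com"},
    {"sAMAccountName": "asmith2", "userPrincipalName": "alice.smith@corp.example.com"},
]


def extract_identifiers(assertion_xml):
    """Return (NameID, {attribute name: value}) from a SAML assertion."""
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=NS)
    return name_id, attrs


def match_user(identifier, directory, field):
    """Case-insensitive exact match of an asserted identifier against one directory field."""
    wanted = identifier.strip().lower()
    return next((u for u in directory if u[field].lower() == wanted), None)


def diagnose(assertion_xml, directory):
    """Report which directory field the asserted NameID actually matches."""
    name_id, _ = extract_identifiers(assertion_xml)
    return {
        "asserted": name_id,
        "matches_sAMAccountName": match_user(name_id, directory, "sAMAccountName") is not None,
        "matches_userPrincipalName": match_user(name_id, directory, "userPrincipalName") is not None,
    }
```

A result of `matches_sAMAccountName: False, matches_userPrincipalName: True` is the signature of the mismatch described in the post: the IdP is asserting the UPN while the authorization lookup is keyed on sAMAccountName.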

Anthony_E
Community Manager

Hello LSI-IT,


Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,


We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,


I have found this document:


https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/azure-administration-guide/584456/co...


Could you please have a look and tell me if it helped?


Regards,

Anthony-Fortinet Community Team.
LSI-IT

Thanks Anthony_E. That document is for configuring SAML on a FortiGate with Azure AD as the IdP. I'm trying to use it on FortiClient EMS. I did get an update this morning from Fortinet support that using Azure AD as the IdP in a SAML connection in EMS will be supported in version 7.2.1. It's a little confusing because the documentation already reads like it's supported. It would still be great to know if anyone else has experienced this issue and what they did to work around it.

Zak_Z
New Contributor

Hi LSI-IT,


I am having the same issue; there is no documentation on it. I am using EMS version 7.0.7.0398.

Anthony_E
Community Manager

Hello,


Indeed :)!

I will try to find you somebody!


Regards,

Anthony-Fortinet Community Team.
GenesisTechhub
New Contributor

I have the same issue. Has anyone found a resolution for this?

JonasV
New Contributor III

I have the same issue, trying to connect to EMS from my FortiClient by using a SAML invite.

Kind regards
ALLEOFLO
New Contributor

Same Bug here in 7.2.2 :(
