SAML Auth for FortiClient EMS user verification using Azure AD as IdP
I'm using EMS 7.0.7 and client 7.0.7
I want to use saml auth with azure AD as the IdP when creating an invitation for user verification. I have my AD domains imported. Azure is setup to be the IdP and the test is successful.
If I add the saml configuration in EMS user management with "None" as the authorization type I can get it to work using a bulk invitation. If I add saml configuration with "LDAP" as the authorization type and assign an imported domain I get an error on the client when connecting the EMS in zero trust telemetry.
It looks to me like the imported domains are using the SamAccountName for the users and the SAML configuration is using the UserPricipalName for the assertion attribute. I'm not sure how to setup the domain identification.
FortiNet does have some documentation on this setup but, it doesn't give allot of information
Thanks Anthony_E, That document is for configuring SAML on a FortiGate with Azure AD as the IdP. I'm trying to use it on FortiClient EMS. I did get an update this morning from Fortinet support that using Azure AD as the IdP in a SAML connection in EMS will be supported in version 7.2.1 It's a little confusing because the documentation already reads like it's supported. It would still be great to know if anyone else has experienced this issue and what they did to work around it.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.