LSI-IT
New Contributor

SAML Auth for FortiClient EMS user verification using Azure AD as IdP

I'm using EMS 7.0.7 and client 7.0.7

I want to use SAML auth with Azure AD as the IdP when creating an invitation for user verification. I have my AD domains imported. Azure is set up to be the IdP and the test is successful.

If I add the SAML configuration in EMS user management with "None" as the authorization type, I can get it to work using a bulk invitation. If I add the SAML configuration with "LDAP" as the authorization type and assign an imported domain, I get an error on the client when connecting to the EMS in zero trust telemetry.

[screenshot of the client error: LSIIT_0-1668521435084.png]

It looks to me like the imported domains are using the sAMAccountName for the users and the SAML configuration is using the UserPrincipalName for the assertion attribute. I'm not sure how to set up the domain identification.


Fortinet does have some documentation on this setup, but it doesn't give a lot of information:

https://docs.fortinet.com/document/forticlient/7.0.7/ems-administration-guide/156283/saml-configurat...


Has anybody set this up and how did you make it work?


xlntech
New Contributor

Anyone get anywhere with this? FortiDocs are the worst. 

BreakinLabs
New Contributor

The crucial step lies in employing a custom claim within FortiClient, such as the username, and subsequently configuring a corresponding claim with identical nomenclature in the attributes within Azure, which should be mapped to the userprincipalname.
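One way to check the mapping the thread is about, namely that the claim name configured on the EMS side is what the IdP actually sends and that its value resolves against the right LDAP attribute. This is an added example, not code from the thread or from Fortinet; the assertion fragment, the claim name "username" and the directory entries are all constructed.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AttributeStatement of an assertion as an IdP such as
# Azure AD might emit it, with a custom claim named "username" carrying the UPN.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>jdoe@corp.example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>jdoe@corp.example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed stand-in for the imported AD domain: the two identity attributes
# LDAP would return per user. Real lookups go to the directory, not a list.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example.com"},
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@corp.example.com"},
]


def extract_attributes(assertion_xml: str) -> Dict[str, List[str]]:
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs: Dict[str, List[str]] = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values
    return attrs


def resolve_user(attrs: Dict[str, List[str]], claim_name: str, ldap_attr: str) -> Optional[str]:
    """Match the configured claim against one LDAP identity attribute.

    Returns the sAMAccountName on a unique match. Returns None when the IdP sent
    no attribute with that name (claim name mismatch) or when no single directory
    entry carries the claim value in ldap_attr (e.g. a UPN value looked up as
    sAMAccountName, which is the mismatch described in the original post).
    """
    values = attrs.get(claim_name)
    if not values:
        return None
    hits = [u for u in DIRECTORY if u[ldap_attr] == values[0]]
    return hits[0]["sAMAccountName"] if len(hits) == 1 else None
```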


