Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
LSI-IT
New Contributor

Created on ‎11-15-2022 06:21 AM

SAML Auth for FortiClient EMS user verification using Azure AD as IdP

I'm using EMS 7.0.7 and client 7.0.7

I want to use saml auth with azure AD as the IdP when creating an invitation for user verification. I have my AD domains imported. Azure is setup to be the IdP and the test is successful. 

If I add the saml configuration in EMS user management with "None" as the authorization type I can get it to work using a bulk invitation. If I add saml configuration with "LDAP" as the authorization type and assign an imported domain I get an error on the client when connecting the EMS in zero trust telemetry. 

LSIIT_0-1668521435084.png

It looks to me like the imported domains are using the SamAccountName for the users and the SAML configuration is using the UserPricipalName for the assertion attribute. I'm not sure how to setup the domain identification. 

 

FortiNet does have some documentation on this setup but, it doesn't give allot of information 

https://docs.fortinet.com/document/forticlient/7.0.7/ems-administration-guide/156283/saml-configurat...

 

Has anybody set this up and how did you make it work?

 

Labels:
2951
0 Kudos
10 REPLIES 10
xlntech
New Contributor

Created on ‎11-05-2023 07:30 AM

Anyone get anywhere with this? FortiDocs are the worst. 

283
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.