Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
LSI-IT
New Contributor

SAML Auth for FortiClient EMS user verification using Azure AD as IdP

I'm using EMS 7.0.7 and client 7.0.7

I want to use saml auth with azure AD as the IdP when creating an invitation for user verification. I have my AD domains imported. Azure is setup to be the IdP and the test is successful. 

If I add the saml configuration in EMS user management with "None" as the authorization type I can get it to work using a bulk invitation. If I add saml configuration with "LDAP" as the authorization type and assign an imported domain I get an error on the client when connecting the EMS in zero trust telemetry. 

LSIIT_0-1668521435084.png

It looks to me like the imported domains are using the SamAccountName for the users and the SAML configuration is using the UserPricipalName for the assertion attribute. I'm not sure how to setup the domain identification. 

 

FortiNet does have some documentation on this setup but, it doesn't give allot of information 

https://docs.fortinet.com/document/forticlient/7.0.7/ems-administration-guide/156283/saml-configurat...

 

Has anybody set this up and how did you make it work?

 

10 REPLIES 10
xlntech
New Contributor

Anyone get anywhere with this? FortiDocs are the worst. 

Top Kudoed Authors