You're on the right track. This means that the entity ID of the Service Provider (FortiGate) doesn't match on both sides, or possibly doesn't even exist in Azure at all.
On the FortiGate-side, this is the value in the "entity-id" option.
On Azure-side, this is "Identifier (Entity ID)".
This, and some other possible errors, has some commentary in the following KB article:
Note: While the guide focuses on SAML for admin login, the Azure-side error messages are the same even if you use it for SSL-VPN or captive portal.
[ corrections always welcome ]