Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sepdavid
New Contributor

Created on ‎03-01-2022 01:43 AM

SAML sso for owa?

Hello 

 

i see there is agent for owa to enable 2FA.

is there an option to configure owa for saml sso ? 

 

Labels:
2560
0 Kudos
7 REPLIES 7
aahmadzada
Staff
Staff

Created on ‎03-03-2022 06:55 AM

Hi, 

Please clarify your question as it is a bit hard to understand what you would like to achieve.

 

 

Ahmad
2487
0 Kudos
sepdavid
New Contributor
In response to aahmadzada

Created on ‎03-03-2022 07:21 AM

Hi 

 i want to achieve sso saml login to owa.

from my internal subnet if a user already logged in to one of the other enterprise SAML apps (browser already have the cockie ) i expect him to automatic login to owa without the need to type username and password.

if its the first SAML site he login this morning i expect him to type user&password without token because he is inside trusted network.

 

 

if the user is at home, not in our trusted network i want him to type the user password and forti token code.

2486
0 Kudos
aahmadzada
Staff
Staff
In response to sepdavid

Created on ‎03-03-2022 07:39 AM

Can you please tell me where are the Fortitokens are deployed?
Are they deployed on the Fortigate or on Fortiauthenticator?

 

 

Ahmad
2485
0 Kudos
sepdavid
New Contributor
In response to aahmadzada

Created on ‎03-03-2022 07:57 AM

users from AD 

tokens from Fortiauthenticator

AD is a realm in Fortiauthenticator

2482
0 Kudos
aahmadzada
Staff
Staff

Created on ‎03-04-2022 12:54 AM

Ok, now it is more or less clear.

I will not be able to tell which exact steps you should take, but one hint is that the
Fortiauthenticator should be configured as an iDP.
https://docs.fortinet.com/document/fortiauthenticator/6.4.1/administration-guide/817031/saml-idp


Ahmad
2476
0 Kudos
Debbie_FTNT
Staff
Staff

Created on ‎03-04-2022 06:51 AM

Hey sepdavid,

principally, you can do SAML authentication if you can redirect your OWA application to FortiAuthenitcator, so it can act as IdP.

It would depend if you can configure OWA accordingly; the OWA agent is a small independent program that is run on the Exchange server and doesn't require much (if any) additional configuration on OWA side, and there is no agent for SAML authentication.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
2469
0 Kudos
jamescarell2021
New Contributor

Created on ‎03-28-2022 10:07 PM

Hi David, 

You can use miniOrange to implement SSO and MFA in OWA and your Fortinet VPN. 

2229
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.