We're doing an increasing number of SAML based vpn deployments and windows + azure works well. However, other combinations we are struggling with, for example.
macOS + Google workspace
windows + Google workspace varies, we see that both for mac and windows users they are authenticated but the vpn tunnel is not initiated.
chromebooks + Azure
this is using
fortios 6.4.7 and fct 7.0.1 or 7.0.2
What are other peoples experiences?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi simonorch,
some time ago I played a bit and made a SAML working on FortiAuthenticator as SP with OKTA as IdP.
I guess you found out that https://docs.fortinet.com do have some SAML related stuff.
FOS https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/736845/saml
FAC https://docs.fortinet.com/document/fortiauthenticator/6.4.3/administration-guide
contains SAML in both Authentication and SSO.
More targeted guides are in FAC Cookbook and SAML is here https://docs.fortinet.com/document/fortiauthenticator/6.4.0/cookbook/362779/saml-authentication
With Azure (including O365), Okta, Google things and more.
But my experience is that those guides are hard to maintain, mainly because all those 3rd party elements keeps changing. And it does not matter if you do SAML, or Social logons with Facebook/Twitter etc. both keeps changing a lot.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Fortigate SSL VPN naturally also works with Google Workspace IdP. Fortigate configuration will be the same as for any other IdP.
Google Workspace is a little specific in that they have used departments instead of user groups. Bellow is a sample of working config from lab.
You can also test Google's beta version of group membership.
My recommendation is to first ensure that SAML authentication works in web-mode SSL VPN. Only then focus on issues with specific versions of FortiClient or client OS.
You might want to open a support ticket for help with further debugging of SSLVPN/SAML/FortiClient.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.