We are using FortiClient SAML login with Azure AD.
When logging in, the user enters mail address, password and MFA, and it all works.
However, we have set up the conditional access with a 'Sign-in frequency' of 7 days, but the user is prompted for login every time.
We set it up using the client v7.0.7, and it worked perfectly, but after v7.0.8 we get prompted every time.
If we change the tunnel settings to 'Use External Browser as User-agent for SAML Login', a browser tab is opened and then it works - only the first time the user is prompted for login. Any consecutive logins are done automatically (this is not ideal to use permanently as it looks weird with the open browser tab).
So to sum up, it seems that from v7.0.7 to 7.0.8 the FortiClient built-in prompt doesn't save your credentials.
Just to clarify, this will store the password permanently though, not cache recent credentials? I want it to prompt again if it's not used for say a week or so, I don't want their password stored permanently.
It depends on your Azure settings for reauthentication/session timeout (it may be under the Conditional Access policies). We have it set to time out authentication after 1 hour. So if we disconnect and reconnect a VPN after 1 hour it will prompt for MFA again.