Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mattw
New Contributor III

Created on ‎06-07-2023 03:55 AM

SSL VPN with SAML (MS Azure with Authc app) AND user certificates?

Hi all, I have a customer that are using SAML authc with Azure for SSL VPN connections which is working well. They would like to use clients certificates as another authentication factor. Is this possible when using SAML? Many thanks in advance!

Labels:
340
0 Kudos
3 REPLIES 3
Yurisk
Valued Contributor

Created on ‎06-07-2023 06:04 AM

Hi, unfortunately not supported. I tried to find info in the FTNT docs to no avail, but in practice once you configure SAML, you cannot use 

config vpn ssl setting
    set reqclientcert enable

to require client certificates. Also on Forticlient once it connects using SAML, the option to specify client certificate is grayed out.

But I'd be glad to find official docs saying this, so bookmarking this post.

 

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
321
Debbie_FTNT
Staff
Staff

Created on ‎06-07-2023 06:07 AM

Hey mattw,

 

I found this thread discussing the same question:

https://community.fortinet.com/t5/Support-Forum/FortiClient-Azure-SSO-with-Client-Certificate/td-p/2...

 

I have never tried to combine client certificates and SAML authentication myself in the way described there, so I can't say if it would work or not.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
315
mattw
New Contributor III

Created on ‎06-07-2023 06:11 AM

Thank you @Yurisk and @Debbie_FTNT, your responses are very helpful.

308
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.