Support Forum
bcieszewski
New Contributor

Using AD groups sent by SAML response from IDP to authorize users

Hi,
So, I have my own IDP I'm testing, and I'm wondering if the scenario below is possible with SSL-VPN on FortiGate.

First of all, my IDP is independent from any IAM, so I can connect to AD, Okta, Entra, etc. to fetch and authenticate users. While querying for users I can also query which groups they are in. The response the IDP sends looks more or less like this:

{
    "result": true,
    "user": {
        "id": 96,
        "company_id": 14,
        "username": "qweqwe@qweqwe",
        "status": "active",
        "user_type": 0,
        "immutable_id": "NjhiMzI5ZGE5ODkzZTM0MDk5YzdkOGFkNWNiOWM5NDAK",
        "created_at": "2024-03-04T15:13:54.102Z",
        "updated_at": "2024-03-04T15:13:54.102Z",
        "email": "qweqwe@qweqwe",
        "additional_details": {
            "security_groups": [
                "Cert Publishers",
                "sf_administrators",
                "sf_helpdesk"
            ]
        },
        "is_webauthn_active": false,
        "webauthn_id": null
    }
}

There are three entries in "security_groups" (highlighted). Now I want the VPN to differentiate between the entries and apply the appropriate policies. For example, if the group sf_helpdesk is found, put the user on Network A, and if sf_other is found, put them on Network B.

Is that even a thing?

Anthony_E
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
ozkanaltas
Contributor III

Hello @bcieszewski,

You can make this request come true. I think these two documents answer your question.

https://learn.microsoft.com/en-us/entra/identity/saas-apps/fortigate-ssl-vpn-tutorial

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/499536/ssl-vpn-with-okta-as-...

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE4-5-6-7 OT Sec - ENT FW