I have a client that wants to use G Suite as their IdP for SSO. They want to be able to apply different policies to different G Suite groups, which I've managed to get working by obtaining group membership from the SAML assertions text-based list, which requires that I manually create the SSO group on the FortiAuthenticator. However, I want the FortiAuthenticator to be able to do this automatically by looking up the G Suite directory and pulling all the groups. So I set up a service account, downloaded the service key JSON file, etc., and set my SAML to Obtain group membership from Cloud > my oauth. The problem is that when I try to log on using SSO, I get to my Google login prompt and log in; however, after this it just times out trying to get to my ACS URL.
Any ideas? Has anyone managed to get this working before?