Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
guchinife
New Contributor

Created on ‎04-29-2024 04:50 AM

Wifi access with Single Sign-ON

Hello
I have configured a Wifi access with Single Sign-ON (SSO) connection.
The connection is successful after login.
I have created some firewall policies with Azure AD groups.
The problem I have is that to test the accesses of these groups I have to disconnect the wifi session and re-authenticate, but I don't know how to force the disconnection because every time I connect again to the wifi it doesn't ask me for the username/password.
How can I force the user to disconnect from the wifi?

Note: I have tried forgetting the wifi network and restarting, but it continues to log in automatically.

Thanks

Translated with DeepL.com (free version)

Labels:
1191
0 Kudos
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎04-29-2024 05:11 AM

Hi @guchinife 

Did you try from Dashboard > Users & Devices, then in the user list right-click on the user and click De-authenticate.

AEK
AEK
1174
guchinife
New Contributor
In response to AEK

Created on ‎04-30-2024 12:25 AM

Hi, this option does not work for me, as the users are in Azure AD.

1127
0 Kudos
ebilcari
Staff
Staff

Created on ‎04-29-2024 05:13 AM

I guess you have configured portal authentication with SAML as described on this article here. Since the user session will remain until it's timed out, in order to trigger a new login you can try deleting the host in Dashboard> Users & Devices.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1173
guchinife
New Contributor
In response to ebilcari

Created on ‎04-30-2024 12:42 AM

Here they don't tell you how to force disconnect users from Azure AD which is what I need.
Thanks

1124
0 Kudos
pminarik
Staff
Staff
In response to guchinife

Created on ‎04-30-2024 07:01 AM

If the problem is that the IdP (Azure/Entra) cookie is cached and the authentication just "fast-forwards" through, just delete the cookies on the endpoint. The FortiGate can't influence what happens with these cookies, that's business between the endpoint and the IdP.

[ corrections always welcome ]
1101
0 Kudos
hbac
Staff
Staff

Created on ‎04-30-2024 06:53 AM

Hi  @guchinife,

 

Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-SAML-de-authentication-Outbound-SAML-polic...

 

Regards, 

1103
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.