Wifi access with Single Sign-ON
Hello
I have configured a Wifi access with Single Sign-ON (SSO) connection.
The connection is successful after login.
I have created some firewall policies with Azure AD groups.
The problem I have is that to test the accesses of these groups I have to disconnect the wifi session and re-authenticate, but I don't know how to force the disconnection because every time I connect again to the wifi it doesn't ask me for the username/password.
How can I force the user to disconnect from the wifi?
Note: I have tried forgetting the wifi network and restarting, but it continues to log in automatically.
Thanks
Translated with DeepL.com (free version)
Hi @guchinife
Did you try from Dashboard > Users & Devices, then in the user list right-click on the user and click De-authenticate?
Hi, this option does not work for me, as the users are in Azure AD.
I guess you have configured portal authentication with SAML as described in this article here. Since the user session will remain until it's timed out, in order to trigger a new login you can try deleting the host in Dashboard > Users & Devices.
If you have found a solution, please like and accept it to make it easily accessible for others.
Here they don't tell you how to force disconnect users from Azure AD, which is what I need.
Thanks
If the problem is that the IdP (Azure/Entra) cookie is cached and the authentication just "fast-forwards" through, just delete the cookies on the endpoint. The FortiGate can't influence what happens with these cookies; that's business between the endpoint and the IdP.
Hi @guchinife,
Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-SAML-de-authentication-Outbound-SAML-polic...
Regards,
