I already have SSL-VPN running with SAML enabled and it works fine..
I'm starting to setup IPSEC-VPN and it's configured to work with a local group and local account, just to get it running.
If I want to start using Azure SAML with IPSec-VPN, can I use the same samluser/saml remote group I have for SSL-VPN or do I need to setup a new one for IPSEC-vpn in parallel, including the Azure side of it.
should the ipsec-vpn also be setup on a loopback interface ? (my ssl isn't, currently) are the steps the same ?
You should be able to use the same group from the Entra side.
Don't put IPSec VPN on a loopback - you will lose offloading/hardware acceleration.
Kindly refer to this document as a guide for saml ipsec dialup vpn: https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/951346/saml-based-authentica...
https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/432396/configuring-microsoft... 
Yes, on Azure you can use the same sslvpn remote group enterprise application for the ipsec dialup vpn. Loopback interface creation is not required.
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2678 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.