Technical Tip: Configuring SAML SSO login for Fort...

kiri · 06-09-2025

Description This article describes how to provision a mobile FortiToken with a third-party 2FA app, such as Google or Microsoft Authenticator, when the FortiToken Mobile app cannot be used or enforced. This method is an exception: end users should pr...

kiri · 05-21-2025

Description This article describes how to resolve the captive portal issues affecting FortiAuthenticator v6.6.3 GA. Scope FortiAuthenticator v6.6.3 GA. Solution A working captive portal setup in 6.6.2 GA and older might break with the upgrade to v6.6...

kiri · 04-17-2025

Description This article describes how to fix SAML auth errors like 'AuthnRequest IssueInstant too old' or 'AuthnRequest IssueInstant too new'. Scope FortiAuthenticator 6.X, 7.X. Solution Time drift or incorrect time/timezone settings on any of the p...

kiri · 03-27-2025

Description This article describes symptoms and solutions for swap memory being in use on a FortiAuthenticator. FortiAuthenticators may have the following symptoms: Admins being unable to log in to the GUI without a clear reason. Logs or debug failin...

kiri · 02-07-2025

Description This article describes how to fix OAuth authentication server error 403 and OAuth login failed: invalid_request. Scope FortiTrust Identity and FortiAuthenticator v6.5, v6.6. Solution When settings up OAuth for the first time, the authenti...

kiri · 09-18-2023

hi there, Most likely if you specify only the logon events (instead of 0, 1, 2) you won't have the users logged off anymore.Check what are the correct IDs for your server OS. 6) Logon Event ID poller. Increase the level to '2' instead of '0' of visib...

kiri · 06-29-2023

Hi there, I hope I got this right.If the same public IP/FQDN has been moved from FGT to LB, you still have the same public IP/FQDN in "config user saml", and LB is correctly configured to fw the saml auth request to the FGT, then this is expected to ...

kiri · 06-26-2023

Hi there, * close*timeout*client-rst* accept These actions are also part of normal operation, they don't necessarily indicate an issue.Need to correlate some more outputs in order to determine if these events are an issue. Please follow these trouble...

kiri · 06-25-2023

Hi there, Can you link this issue to any change in your environment?Have you tested other devices/FortiClient versions?Is it possible for an effected user to use for a while web ssl portal instead of FCT tunnel mode?That should help to identify if th...

kiri · 06-25-2023

Hi there, It's unclear to me what do you mean by "Does Foticlient support to dialup IPsec VPN or we have to configure separate Forticlient configuration at Fortigate Firewall." If ipsec dialup with 2fa is what you're after, please check the docs bell...

User Statistics

User Activity

Technical Tip: How to provision FortiToken with a third-party 2FA app (Google, Microsoft Authenticator)

Technical Tip: FortiAuthenticator upgrade to v6.6.3 GA breaks some captive portal deployments

Troubleshooting Tip: How to fix SAML errors where the AuthnRequest IssueInstant is too old or too new

Technical Tip: FortiAuthenticator swap memory in use, symptoms and solutions

Technical Tip: How to fix OAuth error 403, OAuth login failed: invalid_request

Re: Fortigate FSSO Agent - Logon/Logoff events

Re: SSO for SSL VPN Authentication with FortiGate behind NAT / without Public IP

Re: VPN SSL access problems

Re: FortiClient SSL VPN Disconnecting continously

Re: 2F authentication in dialup vpn

Technical Tip: Configuring SAML SSO login for Fort...

Technical Tip: How to configure FortiAuthenticator...

Re: Fortigate FSSO Agent - Logon/Logoff events

Troubleshooting Tip: Fix SAML 'access denied' erro...

Re: FortiClient SSL VPN Disconnecting continously

Re: Do we need to use the client certificate when ...

Re: Two factor authentication for AD admins

Re: SSL-VPN SAML SSO with Azure AD

KCS

User Statistics

User Activity

You are leaving our website