Technical Tip: Configuring SAML SSO login for Fort...

kiri · 08-28-2025

Description This article explains how to enable EAP-TTLS as an authentication method in VPN-only (unlicensed) FortiClients. Scope FortiClient v7.4.3 and newer. Solution FortiClient added support for EAP-TTLS in IPSec VPN starting in firmware version ...

kiri · 07-22-2025

Description This article describes how to migrate SAML SSL VPN to IPsec with minimal config changes. Scope FortiGate v7.2+. Solution This is the SSL VPN sample config: config vpn ssl settings set servercert "fgt.local.cert" set login-block-time 0 set...

kiri · 06-09-2025

Description This article describes how to provision a mobile FortiToken with a third-party 2FA app, such as Google or Microsoft Authenticator, when the FortiToken Mobile app cannot be used or enforced. This method is an exception: end users should pr...

kiri · 05-21-2025

Description This article describes how to resolve the captive portal issues affecting FortiAuthenticator v6.6.3 GA. Scope FortiAuthenticator v6.6.3 GA. Solution A working captive portal setup in 6.6.2 GA and older might break with the upgrade to v6.6...

kiri · 04-17-2025

Description This article describes how to fix SAML auth errors like 'AuthnRequest IssueInstant too old' or 'AuthnRequest IssueInstant too new'. Scope FortiAuthenticator 6.X, 7.X. Solution Time drift or incorrect time/timezone settings on any of the p...

kiri · 09-17-2025

all the results I found in fortinet docs have ems as component to autoconnect solutionit looks like ems is mandatory

kiri · 09-16-2025

hi there, conditional policies need an external browser: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implementing-device-based-Conditional-Access/ta-p/267878 Is this what you're after? - Have you found a solution? Then give your helper ...

kiri · 09-04-2025

hey all, this known issue 1177111 has been fixed in 6.6.7 FAC OS, planned to be released this fall

kiri · 09-18-2023

hi there, Most likely if you specify only the logon events (instead of 0, 1, 2) you won't have the users logged off anymore.Check what are the correct IDs for your server OS. 6) Logon Event ID poller. Increase the level to '2' instead of '0' of visib...

kiri · 06-29-2023

Hi there, I hope I got this right.If the same public IP/FQDN has been moved from FGT to LB, you still have the same public IP/FQDN in "config user saml", and LB is correctly configured to fw the saml auth request to the FGT, then this is expected to ...

User Statistics

User Activity

Technical Tip: How to enable EAP-TTLS for IPSec IKEv2 tunnels in VPN-only (unlicenced) FortiClient

Technical Tip: How to migrate SAML SSL VPN to IPsec

Technical Tip: How to provision FortiToken with a third-party 2FA app (Google, Microsoft Authenticator)

Technical Tip: FortiAuthenticator upgrade to v6.6.3 GA breaks some captive portal deployments

Troubleshooting Tip: How to fix SAML errors where the AuthnRequest IssueInstant is too old or too new

Re: SAML for forticlient

Re: SAML for forticlient

Re: Fortiauthenticator oauth/openid token endpoint error if content-type include charset

Re: Fortigate FSSO Agent - Logon/Logoff events

Re: SSO for SSL VPN Authentication with FortiGate behind NAT / without Public IP

Technical Tip: Configuring SAML SSO login for Fort...

Technical Tip: How to migrate SAML SSL VPN to IPse...

Re: Fortiauthenticator oauth/openid token endpoint...

Technical Tip: How to configure FortiAuthenticator...

Re: Fortigate FSSO Agent - Logon/Logoff events

Re: Do we need to use the client certificate when ...

Re: Two factor authentication for AD admins

Re: SSL-VPN SAML SSO with Azure AD

KCS

User Statistics

User Activity

You are leaving our website