Configure Fortigate SSL VPN to use Azure AD as SAML IDP (MFA / Conditional Access)

Welcome to this tutorial video on using Azure AD and SAML to authenticate Fortigate SSL VPN users.

Traditionally, VPN users were authenticated with LDAP or RADIUS. RADIUS was required if you needed to provide different levels of access to different groups of users; this was handled by having the RADIUS server return a vendor-specific attribute that matched the name of a group defined on the Fortigate.

But what if you want to authenticate against Azure AD and make use of multi-factor authentication? This video shows how to provide role-based access to users with full use of Azure AD MFA as well as Conditional Access policies.

There are other solutions that make use of RADIUS and an add-on for Network Policy Server, but these solutions have limitations regarding authentication methods and returning vendor-specific attributes for role-based access.

I am using FortiOS 7.0 on my lab appliance and a newly created trial Microsoft 365 tenant. However, the documentation states that this should work with all versions of FortiOS 6.2 and higher.

Fortinet Docs:

Note: It seems the documentation from Fortinet has been taken down. Please find this link to an alternate PDF copy of the doc (see pg 140):

Microsoft Docs:

No group info in SAML response:
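As an added illustration (not code from the video or from Fortinet) of how the group-based access works and of the "no group info in SAML response" failure: the Fortigate looks in the SAML assertion for the attribute named in `set group-name`, and a user lands in a Fortigate user group only when one of that attribute's values equals the Azure AD group object ID configured for the group. The attribute names `username` and `group`, the group object IDs and the assertion itself are constructed placeholders.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Attribute names the Fortigate is assumed to be configured with
# ("set user-name" / "set group-name"); assumptions, not taken from the video.
USERNAME_ATTR = "username"
GROUP_ATTR = "group"

# Constructed sample assertion: one user, two placeholder Azure AD group object IDs.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="group">
      <saml:AttributeValue>00000000-0000-0000-0000-0000000000aa</saml:AttributeValue>
      <saml:AttributeValue>00000000-0000-0000-0000-0000000000bb</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement.
    Input here is constructed; a real assertion must be signature-checked first."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text.strip() for v in attr.findall(f"{{{SAML_NS}}}AttributeValue") if v.text]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def match_groups(attrs, fortigate_groups):
    """fortigate_groups maps a Fortigate user-group name to the Azure group object ID
    configured as its group-name. Returns the Fortigate groups the user falls into."""
    claimed = set(attrs.get(GROUP_ATTR, []))
    return sorted(g for g, obj_id in fortigate_groups.items() if obj_id in claimed)

def diagnose(assertion_xml, fortigate_groups):
    """Explain why a user does or does not get group-based access."""
    attrs = extract_attributes(assertion_xml)
    user = attrs.get(USERNAME_ATTR, [None])[0]
    if GROUP_ATTR not in attrs:
        return user, [], "no group attribute in assertion: check the Azure group claim is emitted"
    matched = match_groups(attrs, fortigate_groups)
    if not matched:
        return user, [], "group attribute present but no value equals a configured group-name"
    return user, matched, "ok"
```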
Comments

I've been poring over the config documents from both the Azure and Fortigate side for about a week, preparing to get it done this week. Always helpful to see someone actually do it though, and I'm really happy you left the troubleshooting in there. Invaluable! Liked and subscribed, sir, thank you!

joshpark

Great video. Really enjoyed how you showed the whole process including the small issues you ran into.

denmanfite

Thank you Dan! I was able to set up the same within 1.5 hours thanks to your vid.
If anyone cares: if using a FIDO2 key (passwordless), you have to select the option in the FortiClient VPN profile to authenticate using the browser.

thom

One of the best Fortigate SSL VPN integration with Azure AD using SAML tutorials.

jaspreetmangat

Great, Thank you! This works out perfectly!! Multiple groups with different access and I was also able to configure access to go over a S2S VPN as well.

CrvTEC

Dude, thank you! One thing to note is that you don't need the quotes anymore on 7.2.8 firmware.

JamesNationMusic

Absolute genius. Straightforward and easy to follow.

_retrogamer

Best content on the subject I have come across in months. Thank you.

attiland

Top notch demonstration. I'll be implementing this soon and this video is a great resource to have.

stevencamacho

Thank you for creating this content Dan. Great video and instructions. It was incredibly helpful.

michaelramirez

Thanks a ton for the great Video. Each and every step in detail.

AmitKhandelwal

Great video! I am using it on version 6.2.9 too.

sacoderch

Great vid. My free Azure account would not allow me to add groups to the Fortigate SSL enterprise app thingy in Azure, only users. But you could kick it a bit on the login and could eventually get to the SSL portal. Thanks for the useful video and info. Make more vids!

WReaume

Great video. Really informative, well organized and detailed. Thanks for sharing. Would like to see more uploads from you.

peterliu

Excellent video. Thanks for all your help!

raulkamal

Thanks for taking the time to provide this great guide.

markb

I would like to thank you for this amazing video. Really helpful.

amiryousry

Excellent video Dan! Thank you so much.

eduarmoran

Thanks for posting this. This really helped me.

billbaltas

Thanks, great video.

I was stuck when I forgot to add the new group to my existing policy, then I found your video at 29:06. Strange that it wouldn't even let you sign in without a policy.

asherxtn