My users use FortiClient to connect to VPN with local user authenticaiton. I am thinking of migrating them to Azure Active Directory and apply SAML authenticaiton. Can someone give me some pointers?
I'd start here :
https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/219787/saml-sp-for-vpn-authentication
FGT as SP (Service Provider) and auth against SAML IdP (whichever one).
And hints to how-to set Azure as IdP for FortiGate as SP can be derived from here :
https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/33053/outbound-firewall-authentication-with-azure-ad-as-a-saml-idp
Part on FortiGate is for firewall auth, but that auth can be modified to be auth for SSL VPN, as you'd need policy for tunnels as well.
I am running 7.2. I have uploaded the Cert and can see it under system>certificates. However, it does not appear in the list of certs during the SAML setup. From the CLI, I can rename the cert, but when I try to add the cert to the SAML config, it also says it cannot find the cert. Any thoughts?
I am running 7.2. Under the system > certificates, I can see the remote cert I uploaded, but in the SAML config, and from the CLI, it does not see the certificate. Any thoughts?
