We need to make two changes here, firstly we need to modify oups, secondly add Username = erprincipalname.Īll we need to do here is download the BASE64 certificate and save this for later as we will need to import this into the FortiGate.Īccess to the Enterprise Application will be granted to users who are members of the SSL-VPN-USERS group Also Change the port (10443) to the port you are going to configure on the FortiGate for SSL VPN connections (if Different). The "Basic SAML Configuration" box shows the URLS you need to enter, please note, :10443 should be substituted to the subject name of the SSL cert you have applied for to be used with your SSL VPN. Log into the Azure Portal and navigate to the following:Īzure Active directory > Enterprise Applications > New ApplicationĪfter creating the App you should be punted to the overview screen, select Setup Single sign-on buttonįrom this page we can pre-provision the SAML settings that we will later put into the FortiGate. Have basic knowledge on firewall configuration/rulesĬreate the Azure enterprise application and configure the SAML/SSO settingsĬreate the SSL VPN settings on the FortiGateĪpply Firewall policy for inbound VPN traffic to LAN
You have a Azure Tenant and Subscription with global Administrator AccessĪdministrator Access to the FortiGate Firewall You have a Valid SSL Cert created from a CSR for use with the SSL VPN setup.
Had a bunch of these jobs recently and there doesn't seem to be a lot of information on how to set this up, so thought it would be an ideal blog post.
0 kommentar(er)
