![]() ![]() This configuration assumes users and groups are already created in Azure. Download the certificate to be later imported to FortiGate.ħ) Fill out the URLs below with information from FortiGate SSL VPN IP/FQDN and port.Ĩ) Configure the Attributes/Claims to match attributes between Azure and Duo, and between Duo and FortiGate.ĩ) Configure group, application, and global policies as desired, define a name for thisApplication and select 'Save'.Ĭonfiguration Steps for Application in Microsoft Azure. ![]() Select 'Protect'.Ħ) Note the URL's 'Entity ID', 'Single Sign-On URL', and 'Single Log-Out URL' that will be used in the FortiGate SAML configuration. ![]() Import the certificate downloaded from the Microsoft Azure application.Ĥ) On the 'Applications' section, select 'Protect an Application'.ĥ) Search for 'Generic SAML Service Provider' and press 'Enter'. If not yet configured, add an authentication source as per Duo documentation referenced below:ġ) On the Single Sign-On section, select 'Add source':Ģ) Note the two URLs highlighted in the screenshot below (' Entity ID' and 'Audience Restriction') that will be used in the Microsoft Azure SAML Application.ģ) From the Microsoft Azure SAML Application created, note the URL's 'Entity ID', 'Single Sign-On URL', and 'Single Logout URL' and fill out the fields as per the screenshot below, and select 'Save'. This article will encompass configuration steps for FortiGate, FortiClient, Cisco DUO, and Microsoft Azure. Some of the configuration steps are performed concurrently on different devices and platforms.Ĭonfiguration Steps for Authentication Source and SAML Application in Duo. This article describes how to configure SSL VPN with SAML Authentication with Duo as IdP and Microsoft Azure AD as the authentication source.įortiGate 6.2.3+, FortiClient 6.4.0+, Cisco Duo, and Microsoft Azure AD. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |