FortiClient
In_HLee
Staff
Article Id 260145
Description

This article explains that the free VPN-only client for FortiClient (macOS) now includes the single sign-on mobility agent (SSOMA), and describes how to configure it.

 

It is possible to monitor these endpoints from the FortiAuthenticator SSO monitor. The free VPN-only FortiClient (macOS) also now supports the following FortiGate-provisioned host checks:

- OS version.

- Running processes.

- File existence.

 

This enhancement allows host check rules to be defined in the FortiOS VPN settings and compliance to be enforced on free VPN-only client endpoints.

Scope

Free VPN client for macOS + SSOMA 7.2.1.
Solution

These instructions assume that the following settings are configured on FortiAuthenticator:

- FortiClient SSOMA is enabled.

- FortiClient SSOMA listening port is configured as 8001.

- A secret key for FortiClient SSOMA is configured.

 

FAC SSO Setting.PNG

 

- Remote authentication server (Active Directory (AD) server) is configured.

 

To configure SSOMA on free VPN-only FortiClient (macOS):

 

1) Log in to the endpoint as an AD domain user.

2) In the FortiClient free VPN-only client, go to Settings.

3) Under Advanced, select Enable Single Sign-On mobility agent.

4) In the Server address field, enter the FortiAuthenticator IP address or fully qualified domain name.

5) In the Port field, enter the FortiClient SSOMA listening port configured in FortiAuthenticator. In this example, it is 8001.

6) In the Pre-shared key field, enter the secret key configured in FortiAuthenticator.

 

Free FCT GUI for SSOMA.PNG

 

7) Confirm that FortiAuthenticator records a new entry in Monitor -> SSO -> SSO Sessions.

8) In the FortiClient free VPN-only client, connect to a VPN tunnel.

9) In FortiAuthenticator, confirm that a new record appears in Monitor -> SSO -> SSO Sessions for the VPN connection.

 

The following shows the free VPN-only client for FortiClient (macOS) GUI when it cannot connect to VPN due to a FortiGate-provisioned host check:

 

Host check for OS.PNG