Description | This article describes a CLI change in FortiOS 7.4.2 and above: 'set auth-url' under 'config user saml' has been removed and replaced with 'config user external-identity-provider'. |
Scope | FortiOS 7.4.2 and above. |
Solution |
This feature allows a customer's Windows endpoint with the FortiClient agent installed to automatically sign into FortiSASE IPsec using the same Azure AD credentials that the user used to log into the endpoint.
Below is the 'config user saml' configuration in 7.4.1 and below:
config user saml
    edit "Test_7.4.1"
        set cert ''
    next
end
Below is the 'config user saml' configuration in 7.4.2 and above:
config user saml
    edit "Test_7.4.2"
        set cert ''
    next
end
As the 'Test_7.4.2' configuration above shows, 'set auth-url' has been removed. It is replaced by the following configuration in 7.4.2 and above:
config user external-identity-provider
    edit "Test_eidp_7.4.2"
        set type ms-graph
    next
end
Note: Once the external identity provider is set, ensure that it is assigned to the existing user group used for SAML in addition to the SAML server. |
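An added example, not Fortinet's code: a small check to run over a saved configuration backup that flags 'config user saml' entries still carrying 'set auth-url' and reports whether an 'ms-graph' external identity provider exists to replace it. The sample backup, the placeholder auth-url value, and the function names parse_section and audit are assumptions made for illustration; the check does not look at user group membership.

```python
# Constructed pre-upgrade backup excerpt; the auth-url value is a placeholder.
SAMPLE = """\
config user saml
    edit "Test_7.4.1"
        set cert ''
        set auth-url "https://placeholder.invalid/auth"
    next
end
"""

def parse_section(text, header):
    """Return {entry: {key: value}} merged over every 'config <header>' block."""
    entries, depth, current = {}, 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == f"config {header}":
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1  # nested table inside an entry; its lines are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            entries[current] = {}
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            entries[current][parts[1]] = parts[2] if len(parts) > 2 else ""
    return entries

def audit(text):
    """List SAML entries that still depend on the removed 'set auth-url'."""
    saml = parse_section(text, "user saml")
    eidp = parse_section(text, "user external-identity-provider")
    has_graph = any(e.get("type") == "ms-graph" for e in eidp.values())
    findings = []
    for name, settings in saml.items():
        if "auth-url" in settings:
            findings.append(f"user saml '{name}': set auth-url present (removed in 7.4.2)")
            if not has_graph:
                findings.append(f"user saml '{name}': no ms-graph external-identity-provider defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```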