This article describes how to set up both AWS SSO and FortiGate for SAML SSO for web mode SSL VPN with FortiGate acting as SP.

Configuring the AWS SSO account IDP application.

2) Open a browser, log in to the AWS account, and enable AWS SSO. If AWS Organizations is not set up, there will be a prompt to create an organization. Choose 'Create AWS organization' to complete this process.

3) Head over to 'Users' and select 'Add user'. Enter the details for Username, Email address, and First Name.

4) Go to 'Applications' and select 'Add a new application'.

5) Select 'Add a custom SAML 2.0 application'.

6) Enter the Display name. The 'Display name' is the name of the portal the user logs into. Copy the following items to a text editor, as these will be required to configure the FortiGate SAML settings; this will be imported to FortiGate later. Select 'If you don't have a metadata file, you can manually type your metadata values'. Set the Application start URL, the Application ACS URL, and the Application SAML audience. A sample configuration is provided below.

These are the values that will be passed on to the FortiGate by AWS SSO. Configure the values as required. In this case, the 'username' attribute will be used as the SSL VPN user name on FortiGate (this will be seen in the later FortiGate configuration). Other mappings are also available that can be used; refer to the AWS docs.

8) Additionally, a group attribute value can also be passed on to FortiGate. This is optional and is needed only if performing group matching based on the group membership of AWS users on FortiGate is intended. In this case, the 'group' attribute will be used as the SSL VPN group name on FortiGate (this will be seen in the later FortiGate configuration). Copy the 'Group ID' to a text editor, as this will be required to configure the FortiGate group.

Select all the desired Users/Groups and select 'Assign users'.

Configuring the FortiGate for SSL VPN and as SP.

When you configure a FortiGate as a service provider (SP), you can create an authentication profile that uses SAML for both the firewall and the SSL VPN web portal.
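The article's FortiGate-side screenshots are not part of this page, so the following is an added FortiOS CLI example (not the article's own configuration) showing how the AWS SSO values collected above map onto the SP settings: the SAML server object, a user group matched on the AWS SSO Group ID, and an SSL VPN authentication rule. All values in angle brackets are placeholders to be replaced with the URLs, Group ID and certificate from your own AWS SSO application; the object names `aws-sso`, `aws-sso-sslvpn` and the imported certificate name are assumptions.

```fortios
# Added example, not from the article. Placeholders in <angle brackets> are
# assumptions to be replaced with the values copied from the AWS SSO application.

# 1) SAML server object: FortiGate (SP) side plus AWS SSO (IdP) side.
config user saml
    edit "aws-sso"
        # SP settings. The entity-id is what the article calls the Application
        # SAML audience; the single-sign-on-url is the Application ACS URL.
        set cert "Fortinet_Factory"
        set entity-id "https://<fortigate-fqdn>:<sslvpn-port>/remote/saml/metadata/"
        set single-sign-on-url "https://<fortigate-fqdn>:<sslvpn-port>/remote/saml/login"
        set single-logout-url "https://<fortigate-fqdn>:<sslvpn-port>/remote/saml/logout"
        # IdP settings copied from the AWS SSO application, plus the AWS SSO
        # certificate previously imported under System > Certificates.
        set idp-entity-id "<AWS SSO issuer URL>"
        set idp-single-sign-on-url "<AWS SSO sign-in URL>"
        set idp-single-logout-url "<AWS SSO sign-out URL>"
        set idp-cert "<imported AWS SSO certificate name>"
        # Attribute names must match the attribute mappings defined in AWS SSO
        # ('username' and, optionally, 'group' as described in the article).
        set user-name "username"
        set group-name "group"
    next
end

# 2) User group: membership is decided by the value AWS SSO sends in the
#    'group' attribute, so the match uses the Group ID copied in step 8.
config user group
    edit "aws-sso-sslvpn"
        set member "aws-sso"
        config match
            edit 1
                set server-name "aws-sso"
                set group-name "<AWS SSO Group ID>"
            next
        end
    next
end

# 3) SSL VPN authentication rule: users in the SAML group get the web-mode portal.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "aws-sso-sslvpn"
            set portal "web-access"
        next
    end
end
```

A firewall policy from the SSL VPN interface that references `aws-sso-sslvpn` as its source user group is still needed for traffic to pass. If group matching is not wanted, omit `set group-name` and the `config match` block and simply list `aws-sso` as the group member; every user AWS SSO authenticates is then accepted, so the optional group match is the setting that actually restricts which AWS users can reach the portal.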