Configuring the remote SAML server
To configure the remote SAML server:
- Go to Remote Auth. Servers > SAML, and click Create New.
  The server name must match the name of the application created in https://portal.azure.com/. For example, if the name in Azure is set as AZIdP, the SAML server must also be named AZIdP (the comparison is case sensitive).
- For the Entity ID, click the dropdown menu and select the Azure IdP option.
- Import the IdP metadata from Azure. To download and import the Azure federation metadata:
  - In Azure, go to Azure Active Directory > App Registrations and select the application being used for SAML authentication with your FortiAuthenticator.
  - In Endpoints, copy the federation metadata document URL, open it in the browser, and save the result as an XML file.
  - Click Import IDP metadata/certificate, and upload the federation metadata file.
- In Group Membership, select Cloud and choose the previously created Azure OAuth server. See Configuring OAuth settings.
- At the top of the page, select Proxy as the Type, and copy the Portal URL; it is used later when customizing the replacement message.
- Click OK to save changes.