Browser as external user agent for ZTNA user authentication 7.0.3
Using a browser as an external user agent for zero trust network access (ZTNA) user authentication requires the following:
- The FortiGate and EMS must be connected as part of a Fortinet Security Fabric.
- You must have properly configured ZTNA settings in FortiOS.
- FortiClient must be registered to EMS.
- You must have configured ZTNA rules in EMS or FortiClient.
The following shows the topology for this example:
To add a ZTNA rule in FortiClient:
- Go to ZTNA Connection Rules.
- Click Add Rule.
- Configure a rule as desired. This example configures a rule for an SSH server. Enable Use external browser as user-agent for saml user authentication.
- Click Create.
To verify the configuration:
- Attempt to connect to the configured SSH server.
- The browser may display a prompt to select a certificate for authentication. If so, install the desired certificate as directed. The browser then displays a FortiAuthenticator authentication web portal.
- Log in via the browser. The endpoint can now access the SSH server.