Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 7.2.3 EMS Administration Guide
    7.2.3
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    SAML Configuration

    SAML Configuration

    In SAML Configuration, you can configure connections to SAML identity providers (IdP), such as Microsoft Entra ID (formerly known as Azure Active Directory (AD)). This allows end users to connect to FortiClient EMS and authenticate using their relevant credentials, such as to Entra ID.

    To add a SAML configuration:
    1. In EMS, go to User Management > SAML Configuration.
    2. In the Name field, enter the desired name for this configuration.
    3. For Authorization Type, do one of the following:
      1. Select LDAP to associate a domain with this SAML configuration. From the Domain dropdown list, select the desired domain.
      2. Select None to not associate a domain with this SAML configuration. This is only recommended for non-domain endpoints.
    4. In the Domain Identification field, enter an AD userPrincipalName attribute name for EMS to use to verify the user's domain. You must add the same attribute to the IdP for verification to succeed.
    5. Configure Service Provider Settings. EMS is the service provider (SP):

      Setting

      Description

      SP Address

      Enter the EMS IP address. You can also click the Use Current URL button to autopopulate the field. Your browser must be able to access this IP address.

      Prefix

      Enter the prefix generated in EMS for the IdP. You can generate a new prefix by clicking the Generate button.

      SP ACS (login) URL

      Enter the SP login URL.

      SP Entity ID

      Enter the SP entity ID.

      SP Certificate

      Click Upload new certificate to upload the SP certificate.

      Only upload an SP certificate if you uploaded the same certificate for this SP (in this case, EMS) in the IdP server.

    6. Configure Identity Provider Settings:

      Setting

      Description

      IdP single sign-on URL

      Enter the IdP single sign-on URL, including the http or https prefix as applicable.

      IdP entity ID

      Enter the IdP entity ID, including the http or https prefix as applicable.

      IdP Certificate

      Click Upload new certificate to upload the IdP certificate.

      Upload the same certificate that you configured in the IdP.

    7. Click Save.
    Note

    To use SAML to verify user identity when users connect FortiClient to EMS using an invitation code, you must select SAML for the Verification Type when configuring an invitation. See Invitations.
    Previous
    Next

    SAML Configuration

    SAML Configuration

    In SAML Configuration, you can configure connections to SAML identity providers (IdP), such as Microsoft Entra ID (formerly known as Azure Active Directory (AD)). This allows end users to connect to FortiClient EMS and authenticate using their relevant credentials, such as to Entra ID.

    To add a SAML configuration:
    1. In EMS, go to User Management > SAML Configuration.
    2. In the Name field, enter the desired name for this configuration.
    3. For Authorization Type, do one of the following:
      1. Select LDAP to associate a domain with this SAML configuration. From the Domain dropdown list, select the desired domain.
      2. Select None to not associate a domain with this SAML configuration. This is only recommended for non-domain endpoints.
    4. In the Domain Identification field, enter an AD userPrincipalName attribute name for EMS to use to verify the user's domain. You must add the same attribute to the IdP for verification to succeed.
    5. Configure Service Provider Settings. EMS is the service provider (SP):

      Setting

      Description

      SP Address

      Enter the EMS IP address. You can also click the Use Current URL button to autopopulate the field. Your browser must be able to access this IP address.

      Prefix

      Enter the prefix generated in EMS for the IdP. You can generate a new prefix by clicking the Generate button.

      SP ACS (login) URL

      Enter the SP login URL.

      SP Entity ID

      Enter the SP entity ID.

      SP Certificate

      Click Upload new certificate to upload the SP certificate.

      Only upload an SP certificate if you uploaded the same certificate for this SP (in this case, EMS) in the IdP server.

    6. Configure Identity Provider Settings:

      Setting

      Description

      IdP single sign-on URL

      Enter the IdP single sign-on URL, including the http or https prefix as applicable.

      IdP entity ID

      Enter the IdP entity ID, including the http or https prefix as applicable.

      IdP Certificate

      Click Upload new certificate to upload the IdP certificate.

      Upload the same certificate that you configured in the IdP.

    7. Click Save.
    Note

    To use SAML to verify user identity when users connect FortiClient to EMS using an invitation code, you must select SAML for the Verification Type when configuring an invitation. See Invitations.
    Previous
    Next