Administration Guide

Configuring Entra ID

Create a new Entra enterprise application using the FortiSASE application from the Entra app gallery as a template. Then configure your Microsoft Entra ID (formerly known as Azure Active Directory or Azure AD) environment with users and groups, and configure the enterprise application for SAML single sign-on (SSO) for the agent-based or endpoint mode deployment.

To create an enterprise application using FortiSASE as a template from the gallery and find the application ID of the FortiSASE enterprise application:
  1. Log in to the Azure portal.
  2. Go to Microsoft Entra ID > Enterprise applications > New application.
  3. Search for and select FortiSASE.
  4. Click Create.
  5. In Overview > Properties, copy the application ID. You need this information in a later step.
  6. Assign Entra ID users and groups to FortiSASE.

To register the enterprise application:
  1. Log in to the Azure portal.
  2. Go to the directory home, and select App registrations.
  3. In the App registrations window, select All applications, and search for your application by name.
  4. In the list, select your application.
  5. Go to Manage > Certificates & secrets, and select + New client secret.
  6. In the Add a client secret window, do the following:
    1. In the Description field, enter a description for the client secret.
    2. From the Expires dropdown list, select a time period after which the client secret expires.
    3. Select Add.

Caution

In Client secrets, make note of the Value.

Since this key is visible only once (immediately after creation), you must recreate the key if you do not copy and store it.

Setting up an OAuth server requires the key.

To add the enterprise application as an assignment:
  1. Go to the Microsoft Entra ID directory home, and select Roles and administrators.
  2. From the Administrative roles list, select Directory readers.
  3. Select the ellipsis for Directory readers, then select Description.
  4. Go to Assignments and select Add assignment.
  5. In the Add assignments window, search for your application by name, and select Add.
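
The client secret created in the registration steps stops working once the period chosen in the Expires list has passed. The following Python check is an added example, not part of Fortinet's guide: it reads an app registration's passwordCredentials in the shape Microsoft Graph returns for an application object and flags secrets that are expired, close to expiry, or longer-lived than a chosen limit. The sample object, the 30-day and 365-day thresholds and the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: trimmed shape of a Microsoft Graph application object.
# appId, keyId values and dates are placeholders, not values from a real tenant.
SAMPLE_APP = {
    "displayName": "FortiSASE",
    "appId": "00000000-0000-0000-0000-000000000000",
    "passwordCredentials": [
        {"keyId": "11111111-1111-1111-1111-111111111111", "displayName": "fortisase-oauth",
         "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2024-07-08T09:00:00.1234567Z"},
        {"keyId": "22222222-2222-2222-2222-222222222222", "displayName": "old-secret",
         "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2024-01-01T00:00:00Z"},
        {"keyId": "33333333-3333-3333-3333-333333333333", "displayName": "long-lived",
         "startDateTime": "2024-02-01T00:00:00Z", "endDateTime": "2026-02-01T00:00:00Z"},
        {"keyId": "44444444-4444-4444-4444-444444444444", "displayName": "rotated",
         "startDateTime": "2024-06-01T00:00:00Z", "endDateTime": "2024-12-01T00:00:00Z"},
    ],
}

def _parse_utc(ts):
    # Timestamps are ISO 8601 in UTC ("Z"); drop any fractional seconds,
    # which can carry more digits than datetime.fromisoformat accepts.
    base = ts.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(app, now, warn_days=30, max_lifetime_days=365):
    """Return (displayName, status) for every client secret on the app."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        start = _parse_utc(cred["startDateTime"])
        end = _parse_utc(cred["endDateTime"])
        if end <= now:
            status = "expired"        # the OAuth server can no longer use it
        elif end - now <= timedelta(days=warn_days):
            status = "expiring"       # rotate and update the OAuth server soon
        elif end - start > timedelta(days=max_lifetime_days):
            status = "long-lived"     # lifetime exceeds the assumed policy limit
        else:
            status = "ok"
        findings.append((cred.get("displayName") or cred["keyId"], status))
    return findings

if __name__ == "__main__":
    for name, status in audit_secrets(SAMPLE_APP, datetime.now(timezone.utc)):
        print(f"{name}: {status}")
```

Secrets reported as expired can be deleted from Certificates & secrets once the replacement value is in use.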
