Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Configuring Entra ID options for agent-based VPN autoconnect

Configuring Entra ID options for agent-based VPN autoconnect

Note

VPN autoconnect is a feature that only the FortiClient agent for Windows supports. Therefore, the Microsoft Entra ID Options configuration settings and the FortiSASE agent-based VPN autoconnect using Microsoft Entra ID use case apply to Windows endpoints only.

You must configure FortiSASE with Entra ID options, namely the domain name and application ID, to automatically connect to FortiSASE SSL VPN using Entra ID credentials. The FortiSASE Endpoint Management Service uses this information to configure the remote access profile on the FortiClient agent installed on a Windows endpoint. The FortiClient agent for Windows also uses this information to automatically establish an SSL VPN connection immediately after FortiClient is installed, and every time a user logs into Windows.

To configure FortiSASE with Entra ID options:
  1. In Configuration > VPN User SSO, ensure that Service Provider Configuration and Identity Provider Configuration are already configured as Configuring FortiSASE with Entra ID SSO in endpoint mode describes.
  2. Under Microsoft Entra ID Options, click Configure.

  3. In the Microsoft Entra ID Options slide-in, select Allow Automatic Sign-on and enter the domain name and application ID.

For instructions for locating the domain name and application ID on the Azure portal and deployment details for configuring remote Windows endpoints with the FortiClient agent for Windows to automatically connect to FortiSASE SSL VPN using Entra ID credentials, see the FortiSASE Agent-based VPN Auto-Connect using Entra ID SSO Deployment Guide.

Previous
Next

Configuring Entra ID options for agent-based VPN autoconnect

Note

VPN autoconnect is a feature that only the FortiClient agent for Windows supports. Therefore, the Microsoft Entra ID Options configuration settings and the FortiSASE agent-based VPN autoconnect using Microsoft Entra ID use case apply to Windows endpoints only.

You must configure FortiSASE with Entra ID options, namely the domain name and application ID, to automatically connect to FortiSASE SSL VPN using Entra ID credentials. The FortiSASE Endpoint Management Service uses this information to configure the remote access profile on the FortiClient agent installed on a Windows endpoint. The FortiClient agent for Windows also uses this information to automatically establish an SSL VPN connection immediately after FortiClient is installed, and every time a user logs into Windows.

To configure FortiSASE with Entra ID options:
  1. In Configuration > VPN User SSO, ensure that Service Provider Configuration and Identity Provider Configuration are already configured as Configuring FortiSASE with Entra ID SSO in endpoint mode describes.
  2. Under Microsoft Entra ID Options, click Configure.

  3. In the Microsoft Entra ID Options slide-in, select Allow Automatic Sign-on and enter the domain name and application ID.

For instructions for locating the domain name and application ID on the Azure portal and deployment details for configuring remote Windows endpoints with the FortiClient agent for Windows to automatically connect to FortiSASE SSL VPN using Entra ID credentials, see the FortiSASE Agent-based VPN Auto-Connect using Entra ID SSO Deployment Guide.

Previous
Next