FortiAuthenticator currently supports use with Microsoft Azure Active Directory Module for Windows PowerShell.
- Launch the Microsoft Azure Active Directory Module for Windows PowerShell.
- Enter the following command in PowerShell:
Install-Module -Name MSOnline
Accept the next two default ("Y") prompts for installing the NuGet Provider and installing from PSGallery.
- If you are using Windows 2016 or earlier, you must first enable TLS 1.2 enforcement for Azure AD Connect. For instructions on enabling TLS 1.2 enforcement, see Azure AD Connect: TLS 1.2 enforcement for Azure Active Directory Connect.
- Enter the following command:
The Microsoft Sign in window opens. Log in with your Azure ID.
- Add a federated domain by entering the following command:
New-MsolDomain -Name <your domain> -Authentication Federated
- Obtain the DNS record and create a new text record in your domain provider to allow the domain to be verified. To obtain the DNS record, use the following command:
Get-MsolDomainVerificationDns -DomainName ftnt.xyz -Mode DnsTxtRecord
From the output, copy the Text field results and create a new text record in your domain with a 60-minute interval.
- Configure the domain as a SAML service provider.
You can create the following variables inside a text editor and then copy and paste them into a PowerShell window.
$domain = "<your domain>"
$cert = "<your certificate. This can be obtained by downloading your certificate from FortiAuthenticator and opening it with a text editor.>"
$protocol = "SAMLP"
$IssuerUrl = "<The IdP entity ID from FortiAuthenticator>"
$LogonUrl = "<The IdP single sign-on URL from FortiAuthenticator>"
$LogoffUrl = "<The IdP single logout URL from FortiAuthenticator>"
Once completed, enter the following command into PowerShell to verify the domain:
Confirm-MsolDomain -DomainName $domain -SigningCertificate $cert -PreferredAuthenticationProtocol $protocol -IssuerUri $IssuerUrl -PassiveLogOnUri $LogonUrl -LogOffUri $LogoffUrl
The return text from the above command should read "AvailableImmediately The domain has been successfully verified for your account."
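The $cert value becomes the certificate Azure AD trusts for every SAML assertion on the domain, so it is worth checking before running Confirm-MsolDomain. The following is an added example, not code from Fortinet or Microsoft: it assumes the certificate was downloaded from FortiAuthenticator as PEM text and that -SigningCertificate takes the base64 body without the BEGIN/END lines; the function name and file path are hypothetical.

```powershell
# Added example (not vendor code). Get-FacSigningCert and the file path are hypothetical.
# Assumption: the downloaded certificate is PEM text and $cert must hold only its base64 body.
function Get-FacSigningCert {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $WarnDays = 30
    )
    $pem = Get-Content -LiteralPath $Path -Raw

    # A file holding a private key must never be pasted into a federation setting.
    if ($pem -match '-----BEGIN [A-Z ]*PRIVATE KEY-----') {
        throw "File '$Path' contains a private key; export the public certificate only."
    }

    # Keep only the first certificate's base64 body, without PEM armor or whitespace.
    if ($pem -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
        throw "No PEM certificate block found in '$Path'."
    }
    $b64 = $Matches[1] -replace '\s', ''

    # Parse it to prove the string is a well-formed X.509 certificate.
    [byte[]] $bytes = [Convert]::FromBase64String($b64)
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)

    # Refuse a certificate that is not yet valid or already expired.
    $now = Get-Date
    if ($x509.NotBefore -gt $now -or $x509.NotAfter -lt $now) {
        throw "Certificate is outside its validity period ($($x509.NotBefore) to $($x509.NotAfter))."
    }
    if ($x509.NotAfter -lt $now.AddDays($WarnDays)) {
        Write-Warning "Certificate expires on $($x509.NotAfter); plan the rollover."
    }

    # Show what is about to be trusted so it can be compared with FortiAuthenticator.
    Write-Host "Subject:    $($x509.Subject)"
    Write-Host "Thumbprint: $($x509.Thumbprint)"
    Write-Host "Expires:    $($x509.NotAfter)"
    return $b64
}

# Usage (the path is a placeholder for your downloaded file):
# $cert = Get-FacSigningCert -Path '.\fortiauthenticator-idp.cer'
```

Compare the printed thumbprint with the one FortiAuthenticator shows for its IdP certificate before federating the domain.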