
EMS Administration Guide

SAML SSO with Azure AD as IdP

You can configure a single sign-on (SSO) connection with Azure Active Directory (AD) via SAML, where Azure AD is the identity provider (IdP) and FortiClient EMS is the service provider (SP). This feature lets users log in to EMS with their Azure AD credentials.

To configure FortiClient EMS with Azure AD SSO:
  1. In FortiClient EMS, go to Administration > SAML SSO. Service Provider Settings displays the SP Address, SP Entity ID, and SP ACS (login) URL fields. You use these values to configure FortiClient EMS as an SP in Azure. Copy these values.
  2. Create and configure your FortiClient EMS environment in Azure:
    1. In the Azure portal, go to Azure Active Directory > Enterprise applications > New application.
    2. Search for and select FortiClient EMS.
    3. Click Create.
    4. Assign Azure AD users and groups to FortiClient EMS.
    5. Go to Set up single sign on.
    6. For the SSO method, select SAML.
    7. In Basic Configuration, enter the values that you copied in step 1. The following summarizes the mapping between EMS fields and Azure fields:

      EMS Service Provider Settings field   Azure AD Basic SAML configuration field
      SP Entity ID                          Identifier (Entity ID)
      SP ACS (login) URL                    Reply URL (Assertion Consumer Service URL)
      SP Address                            Sign on URL

  3. Obtain the IdP information from Azure:
    1. The SAML Signing Certificate box contains links to download the SAML certificate. Download the certificate.
    2. The Set up <FortiClient EMS instance name> box lists the IdP information that you must provide to FortiClient EMS. Copy the values in the Login URL and Azure AD Identifier fields.
  4. Configure the IdP information in FortiClient EMS:
    1. In EMS, under Identity Provider Settings, in the IdP Entity ID and IdP single sign-on URL fields, paste the values that you copied from the Azure AD Identifier and Login URL fields, respectively.
    2. From the IdP Certificate dropdown list, select Create, then upload the certificate that you downloaded. Click Next.
  5. Review the SAML configuration, then click Save.
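Steps 3 and 4 have you copy three values out of Azure AD (Azure AD Identifier, Login URL and the SAML signing certificate) and paste them into EMS in a specific order. The following script is an added example, not part of this guide or of FortiClient EMS: it extracts those values from a SAML 2.0 federation metadata document and then checks that the values entered in EMS match, flagging the common mistake of swapping the IdP Entity ID and the single sign-on URL. The metadata document, tenant id, URLs and certificate bytes in it are constructed placeholders, and the EMS settings dictionary is an assumed shape, not an EMS API.

```python
"""Added example (not from the Fortinet guide): pull the IdP values that steps
3 and 4 have you copy out of Azure AD (Azure AD Identifier, Login URL, SAML
signing certificate) from a SAML 2.0 federation metadata document, then check
that what was pasted into EMS matches. All sample data below is constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for the DER bytes of the IdP signing certificate.
FAKE_CERT_DER = b"constructed placeholder, not a real X.509 certificate"

# Constructed metadata in the shape an Azure AD federation metadata document
# takes. TENANT-ID-PLACEHOLDER stands for a real tenant id.
SAMPLE_IDP_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def parse_idp_metadata(xml_text: str) -> dict:
    """Return the IdP entity ID (Azure AD Identifier), single sign-on URL
    (Login URL) and signing certificate fingerprints from an EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    # Login URL: prefer the HTTP-Redirect binding, fall back to HTTP-POST.
    services = idp.findall("md:SingleSignOnService", NS)
    sso_url = None
    for binding in ("HTTP-Redirect", "HTTP-POST"):
        for svc in services:
            if svc.attrib.get("Binding", "").endswith(binding):
                sso_url = svc.attrib["Location"]
                break
        if sso_url:
            break

    # Signing certificates; a KeyDescriptor with no 'use' attribute may be used for both.
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.attrib.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(sha256_fingerprint(der))

    return {
        "entity_id": root.attrib["entityID"],
        "sso_url": sso_url,
        "signing_cert_sha256": fingerprints,
    }


def check_ems_idp_settings(ems: dict, meta: dict) -> list:
    """Compare the values entered in EMS Identity Provider Settings (assumed
    keys: idp_entity_id, idp_sso_url, idp_cert_sha256) with the parsed
    metadata. Returns a list of problems; empty means consistent."""
    problems = []
    if ems["idp_entity_id"] != meta["entity_id"]:
        if ems["idp_entity_id"] == meta["sso_url"]:
            problems.append("IdP Entity ID holds the Login URL: the two values are swapped")
        else:
            problems.append("IdP Entity ID does not match the Azure AD Identifier")
    if ems["idp_sso_url"] != meta["sso_url"]:
        if ems["idp_sso_url"] == meta["entity_id"]:
            problems.append("IdP single sign-on URL holds the Azure AD Identifier")
        else:
            problems.append("IdP single sign-on URL does not match the Login URL")
    if ems["idp_cert_sha256"].lower() not in meta["signing_cert_sha256"]:
        problems.append("uploaded IdP certificate is not a current IdP signing certificate")
    return problems


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_IDP_METADATA)
    good = {"idp_entity_id": meta["entity_id"], "idp_sso_url": meta["sso_url"],
            "idp_cert_sha256": meta["signing_cert_sha256"][0]}
    swapped = dict(good, idp_entity_id=good["idp_sso_url"], idp_sso_url=good["idp_entity_id"])
    print(meta)
    print("correct entry:", check_ems_idp_settings(good, meta))
    print("swapped entry:", check_ems_idp_settings(swapped, meta))
```

Comparing certificate fingerprints rather than the raw base64 is deliberate: it is what you would check after a signing certificate rollover on the Azure side, when the value in EMS still passes a visual glance but no longer matches the certificate the IdP actually signs assertions with.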
