Add SSO Authentication to Fortinet SSL VPNs with MFA and Conditional Access

Iron II

Got a Fortinet SSL VPN? That's how most of my users accessed our fileserver at my last company. That fileserver was core to how engineering, QA, and manufacturing collaborated and wasn't going anywhere. I didn't have the budget to use FortiTokens, and third-party solutions were prohibitively expensive. We had single-factor, password-only security to access our "crown jewels."

Thankfully, times have changed. There's no longer any reason not to have SSO enabled (to make life easier for your users), as well as MFA. Conditional Access can add another layer of security by restricting logins to managed devices, making MFA mandatory, and whitelisting by geography. Using an IAM platform to manage your devices across operating systems strengthens your perimeter security; Conditional Access adds important Zero Trust controls that address the reality of today's threat environment.

This blog outlines how to integrate an IAM solution with Fortinet using SAML SSO. It's my latest, and was a fun one... once I realized what was possible. More to come on this topic (open source VPNs like Pritunl and Firezone are up next). I'm particularly excited about the latter, because it provides a high-performance IPSec alternative, managed by a cloud directory.