Follow the steps below to configure single sign-on with Azure AD.
1.) Log in to the Fortinet Security Awareness and Training Service Admin view as the tenant administrator or a user with the Admin role assignment.
2.) Select Settings from the navigation menu, then select the Admin settings tab. Now select the Configure button in the Single Sign-On (SSO) section:
3.) Select the Add Fortinet as a SAML service provider (SP) option button:
4.) Now, log in to the Microsoft Entra admin center and select Enterprise applications from the Applications section in the navigation menu. The Enterprise applications console is displayed:
5.) Select + New application from the header menu:
6.) From the Browse Microsoft Entra Gallery page, select + Create your own application option:
7.) Enter the following name (or a name of your choice) in the What's the name of your app? field in the Create your own application dialogue: Fortinet Security Awareness and Training Service V3
8.) Ensure the Integrate any other application you don't find in the gallery (Non-gallery) option button is selected, then select the Create button:
9.) Select the Get Started link in Section 2. Set up single sign on:
10.) Select SAML from the Select a single sign-on method section:
11.) Select the Edit link in section 1: Basic SAML Configuration:
12.) Return to the Fortinet Security Awareness and Training Service tab in your browser and click on the copy icon in the Copy this SP Entity ID (service provider metadata) section (the second link):
13.) Return to the Microsoft Entra admin center tab in your browser and click on the Add identifier link in the Identifier (Entity ID) section of the Basic SAML Configuration section, then paste the value copied:
14.) Return to the Fortinet Security Awareness and Training Service tab in your browser and click on the copy icon in the Copy this ACS URL section (the first link):
15.) Return to the Microsoft Entra admin center tab in your browser and click on the Add Reply URL link in the Reply URL (Assertion Consumer Service URL) section of the Basic SAML Configuration section, then paste the value copied:
16.) Scroll down to the bottom of the page and enter the following link in the Logout Url (Optional) section: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
17.) Close the window after saving, to return to the main application page:
18.) Select the Edit link in section 2: Attributes and Claims:
19.) In the Required claim section, click on the claim name: Unique User Identifier (Name ID) link:
20.) Set the Source attribute value to user.mail (you can type mail into the search box to find the attribute):
21.) Click the Save button:
22.) Delete all claims in the Additional claims section by selecting the three dots on the right of the entry, then select Delete, then confirm:
There should be no Additional claims entries when you are finished. We will add new ones in the next steps.
23.) Select the +Add new claim link in the upper right:
24.) Return to the Fortinet Security Awareness and Training Service tab in your browser and click the Continue button:
25.) Assign the Attributes you will map in the Entra admin console by typing them in the Attributes fields. There must be no spaces in these values. You can use underscores. Once entered, click the Continue button:
26.) Return to the Microsoft Entra admin center tab in your browser and create the three claims using the values you specified in the previous step. For the first claim, populate the Name value matching above, in this example, Email. Then map the source attribute to user.mail and save the entry:
The new additional claim is listed:
27.) Now, create two additional claims using the attribute name you specified for firstname (map this to the user.givenname source attribute) and lastname (map this to the user.surname source attribute). Your entry should look similar to this example:
28.) Close this section by selecting the X in the upper right-hand corner of the screen:
In order for users to be able to access and utilize this new app, you must give them permission.
29.) Select Users and groups from the App navigation menu and grant permissions to individual users, or groups of users:
30.) Once users have been given permissions, select Single sign-on from the App navigation menu:
31.) From section 3: SAML Certificates, click the copy button on the right hand side of the App Federation Metadata url field:
32.) Return to the Fortinet Security Awareness and Training Service tab in your browser and ensure the Input Metadata URL option button is selected on the final page, paste the value you just copied from the Entra console and click the complete button to save the configuration:
Single Sign-On (SSO) displays a status of Enabled:
33.) Now, create a single user in the Fortinet Security Awareness and Training service and use the configured domain to verify that users can log in using SSO credentials from Entra:
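If the test login fails, the usual cause is a mismatch between what Entra sends and what was entered on the Fortinet side. The following is an added example, not Fortinet or Microsoft code: it checks a decoded SAML assertion against the values configured in the procedure above. The sample assertion, the `sp.example.invalid` URLs and the function name `check_assertion` are constructed placeholders; substitute the SP Entity ID, ACS URL and attribute names from your own configuration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real tenant). The third
# claim is deliberately named "surname" to show a name mismatch being caught.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData
        Recipient="https://sp.example.invalid/acs"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://sp.example.invalid/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstname"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, entity_id, acs_url, email_attr, first_attr, last_attr):
    """Return a list of mapping problems. Does not verify the XML signature."""
    expected = (email_attr, first_attr, last_attr)
    # The attribute names typed on the Fortinet side must not contain spaces.
    problems = [f"attribute name contains a space: {n}" for n in expected if " " in n]
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    for name in expected:
        if not attrs.get(name):
            problems.append(f"missing claim: {name}")
    # Name ID and the email claim are both mapped to user.mail, so they must agree.
    if root.findtext(".//saml:NameID", "", NS) != attrs.get(email_attr):
        problems.append("NameID does not match the email claim")
    if root.findtext(".//saml:Audience", "", NS) != entity_id:
        problems.append("Audience does not match SP Entity ID")
    data = root.find(".//saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != acs_url:
        problems.append("Recipient does not match ACS URL")
    return problems

if __name__ == "__main__":
    for p in check_assertion(SAMPLE_ASSERTION, "https://sp.example.invalid/metadata",
                             "https://sp.example.invalid/acs", "Email", "firstname", "lastname"):
        print(p)
```

An empty list means the claim names, Name ID, audience and recipient all line up with the configuration; the check covers the mapping only and is not a substitute for the service provider's signature validation.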