Hot!FortiClient & Microsoft Azure MFA

Author
nyctelecom
New Member
  • Total Posts : 12
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/11/01 08:57:05
  • Status: offline
2019/02/25 05:28:05 (permalink)
0

FortiClient & Microsoft Azure MFA

Hello, 
 
Can anyone point me to information related to configuring the Forticlient with MS Azure MFA?
 
Thanks!
#1

3 Replies Related Threads

    ablake
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/03/11 12:02:22
    • Status: offline
    Re: FortiClient & Microsoft Azure MFA 2019/03/11 12:38:07 (permalink)
    0
    Hey nyctelecom,
     
    Do you have a Radius server with the Azure MFA client running on it? if so, all you need to do is create the Radius Server entry on your FortiGate which has to be pointed to the Radius server that is running the Azure MFA client. The Azure Client can be found on your Azure portal; go to "Azure Active Directory >>  MFA >> Server Settings" then click on the "download" link to get the MFA Server client and then click on the "Generate" link to create the activation credentials that will be needed to sync your RADIUS server to Azure MFA.
    #2
    nyctelecom
    New Member
    • Total Posts : 12
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/11/01 08:57:05
    • Status: offline
    Re: FortiClient & Microsoft Azure MFA 2019/03/11 13:31:58 (permalink)
    0
    Perfect.
     
    Thank you!
    #3
    XavierC
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/04/10 07:53:19
    • Status: offline
    Re: FortiClient & Microsoft Azure MFA 2020/04/10 08:02:44 (permalink)
    0
    Hello,
    I have configured an IpSec tunnel using the Radius authentication with MS Azure MFA, and it works like a charm if I use the phone call, or the notification on the authentication App (Microsoft Authenticator) on my smartphone.
    But if I choose another option (SMS or code from authentication App), when I login to the Forticlient with my login/pwd and press "Connect", a new field appears, and it show "Enter your Microsoft verification code". Then I fill the field with the code I have received (SMS or App), but each time the connection fails, with a text box "VPN connection failed. Check network connection..." (translation from French, sorry ;) ).
    On my radius server, I see that the NPS extension rejected the connection. It looks like the code is not correctly send from the Forticlient to the Radius server. 
    The SMS/App code MFA options work correctly to access to other ressources (ie : webmail, ...)
    Any idea of what could be wrong ?
     
    #4
    Jump to:
    © 2020 APG vNext Commercial Version 5.5