

Question 25 Discussion

Which statement about FortiSASE and SAML is true? (Choose one answer)

  • A. FortiSASE acts as the SP, relies on an external IdP, and can use SAML group matching.
  • B. FortiSASE supports SAML login but cannot use SAML group matching.
  • C. FortiSASE acts as the IdP and can perform SAML group matching internally.
  • D. FortiSASE includes IdP functionality and uses it for SAML group matching.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Brave-Dumps Admin 2025-10-30 13:43:40

Selected Answers: A


It needs an additional check.


javaughn Bryan 2025-11-21 19:04:13

Selected Answers: A


You can enable user authentication while onboarding FortiClient. The supported user authentication method is SAML single sign-on (SSO). The end user must enter their credentials to register FortiClient with FortiSASE. Enabling this feature provides an additional layer of security during FortiClient registration. FortiSASE can be a service provider, while products like FortiAuthenticator, Okta, Entra ID, and so on can act as an identity provider (IdP) for this configuration. Once enabled, all endpoints must authenticate using SSO. Previously onboarded endpoints will be migrated to a new invitation code the next time they reboot.

You can configure SSO authentication for user onboarding on the SSO page. The service provider fields are preconfigured and should be added to your IdP server. You must enter the IdP configuration into FortiSASE to complete the SSO configuration.

PAGE 43. SASE CORE ADMINISTRATOR GUIDE


Enable and configure SAML Group Matching if you only want Azure AD users of a certain group to be allowed to authenticate. Otherwise, leave this setting disabled. You can further define more granular groups when you configure user group settings.

https://docs.fortinet.com/document/fortisase/latest/mature-swg-with-vpn-deployment-guide/293222/configuring-sso-saml-users