Test the Fortinet appliance integration

There are two tests to verify the Fortinet SSL VPN Appliance is properly configured to work with Okta.

Network Flow Diagram

Test SSL-VPN with Fortinet

  1. Open the Fortinet app and select Remote Access, as shown below.

  2. Enter your Username and a Password.
    • The username must be in the format you specified when you added the app in Okta in Part 2, above.
    • If configured, append a one-time password (OTP) or a keyword to the Password, separated by a comma; for example, Password1,123456, Password1,push, or Password1,sms, as detailed below.
      • 123456 – code from Okta Verify, Google Authenticator, or YubiKey OTP
      • push – trigger a push notification to the enrolled phone
      • sms – trigger an SMS to the enrolled phone
      • other – any other configuration
  3. Click Connect.
  4. If you receive the Connection Error! screen shown below, check your username and password and try again.

  5. When the challenge screen appears, enter the number that corresponds to the second factor you want to use and click Continue, as shown below. Follow the prompts to complete the second factor challenge, and then click OK.

    Note: The second factors offered in the challenge are based on the devices the user has enrolled.

  6. After successfully completing the challenge, you are connected and see the screen shown below.

    The FortiClient Console displays the connection details, as shown below.

    If you enter an incorrect value or take too long to respond to the push notification, you see the screen shown below.

Test the clientless VPN with the Fortinet web portal

  1. Navigate to the Fortinet web portal URL, as shown below.

  2. Enter your Username and a Password.
    • The username must be in the format you specified when you added the app in Okta in Part 2, above.
    • If configured, append a one-time password (OTP) or a keyword to the Password, separated by a comma; for example, Password1,123456, Password1,push, or Password1,sms, as detailed below.
      • 123456 – code from Okta Verify, Google Authenticator, or YubiKey OTP
      • push – trigger a push notification to the enrolled phone
      • sms – trigger an SMS to the enrolled phone
      • other – any other configuration
  3. Click Connect.
  4. If you receive the Login Failed screen shown below, check your username and password and try again.

  5. When the challenge screen appears, enter the number that corresponds to the second factor you want to use, as shown below. Follow the prompts to complete the second factor challenge, and then click Login.

    Note: The second factors offered in the challenge are based on the devices the user has enrolled.

  6. After successfully completing the challenge, you are connected and see the screen shown below.

    If you enter an incorrect value or take too long to respond to the push notification, you see the screen shown below.