{"id":62903,"date":"2022-05-13T11:00:00","date_gmt":"2022-05-13T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=62903"},"modified":"2024-01-29T14:58:13","modified_gmt":"2024-01-29T19:58:13","slug":"supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access","title":{"rendered":"Supercharge Fortinet NGFW Security with 探花大神 SSO and Conditional Access"},"content":{"rendered":"\n<p>IT organizations have made significant investments into security solutions, and firewalls (with VPNs) are among the most expensive. Unfortunately, network appliances are too frequently not unified with other infrastructure such as identity and access Management (IAM), which leaves gaps in the implementation of <a href=\"https:\/\/jumpcloud.com\/resources\/zero-trust-security\">Zero Trust security strategies<\/a>. <\/p>\n\n\n\n<p>There\u2019s an awareness that IT should be doing more, but cost, complexity, and management overhead are often major roadblocks.&nbsp;<\/p>\n\n\n\n<p>探花大神 removes these impediments and makes it possible to maximize your Fortinet investment by leveraging its built-in capabilities in conjunction with the 探花大神 directory platform\u2019s layers of security. 探花大神\u2019s IAM security controls supercharge firewall and SSL VPN management and security through its directory, conditional access policies, and multi-factor authentication (MFA). <\/p>\n\n\n\n<p>Those capabilities are otherwise unavailable on a Fortinet appliance or involve additional costs and vendors. This configuration also reduces the firewall\u2019s footprint on the open web, reducing the potential attack surface area with 探花大神\u2019s IAM.<\/p>\n\n\n\n<p>This article demonstrates how to easily integrate 探花大神 with your Fortinet appliance, beyond single sign-on (SSO), to significantly increase your overall network security posture.<\/p>\n\n\n\n<p><a href=\"https:\/\/jumpcloud-1.wistia.com\/medias\/s6q8ygvwuh?wvideo=s6q8ygvwuh\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/embed-fastly.wistia.com\/deliveries\/81c0f13df1568bb02b56e1fdf3eaf21a.jpg?image_play_button_size=2x&amp;image_crop_resized=960x540&amp;image_play_button=1&amp;image_play_button_color=41c8c6e0\" alt=\"Video play button\" width=\"400\" height=\"225\" style=\"width: 400px;height: 225px\"><\/a>\n\n\n\n<h2 class=\"wp-block-heading\">探花大神 Adds Zero Trust Security, Intelligent Management<\/h2>\n\n\n\n<p>探花大神 leverages Fortinet\u2019s integrated support for single sign-on (SAML SSO) to direct users to the 探花大神 portal for authentication. That\u2019s where a Zero Trust authentication flow occurs <em>before<\/em> access is permitted to a VPN (for users) or firewall console (for admins). <\/p>\n\n\n\n<p>There\u2019s no third-party MFA solution (or FortiTokens) to manage and the user experience is consistent for anyone who\u2019s accustomed to using 探花大神 SSO to access their apps and other resources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Unified Zero Trust Security<\/h3>\n\n\n\n<p>Conditional access policies layer on additional security that\u2019s not available through standard identity management integrations such as Active Directory or even with MFA alone. 探花大神 adds the option to restrict connections to managed devices and specified geographies, and enforces mandatory MFA for every login. It\u2019s a unified system for all of your access control requirements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Smarter User Management<\/h3>\n\n\n\n<p>Access to a VPN (or admin group) is determined by group membership inside of 探花大神\u2019s cloud LDAP directory. IAM is in effect from the initial user onboarding via HRIS integrations (or SCIM provisioning), onward throughout the user\u2019s complete identity lifecycle. <\/p>\n\n\n\n<p>For instance, <a href=\"https:\/\/jumpcloud.com\/blog\/the-immediate-advantages-of-attribute-based-access-control\">attribute-based access control<\/a> (ABAC) can suggest new group members or identify when a user shouldn\u2019t have access to a particular resource if their role within your organization changes.<\/p>\n\n\n\n<p>This capability will function using 探花大神 by itself or in addition to existing directories such as Active Directory, Azure AD, or Google Workspace. The choice is up to the IT administrator.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"-anchor-1\">Integrate 探花大神 with Fortinet NSFWs, SSL VPN<\/h2>\n\n\n\n<p>Let\u2019s begin by outlining the Fortinet portion of the integration, followed by 探花大神\u2019s setup. It\u2019s helpful to have an understanding of Fortinet\u2019s command line interface (CLI) to streamline the process. It\u2019s possible to then use the GUI to make changes and verify your configurations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Fortinet Setup<\/h3>\n\n\n\n<p>The initial setup establishes the SAML service provider (Fortinet) and identity provider (探花大神). These settings must be identical when you enter them into the 探花大神 admin console in later steps to prevent SAML SSO integrations from producing unknown errors.<\/p>\n\n\n<p><code><\/p>\n\n\n\n<p># config user saml<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;edit &#8220;jumpcloud&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set cert &#8220;Fortinet_Factory&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set entity-id &#8220;&lt;IP or FQDN&gt;:8443\/remote\/saml\/metadata\/&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set single-sign-on-url &#8220;&lt;IP or FQDN&gt;:8443\/remote\/saml\/login\/&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set single-logout-url &#8220;&lt;IP or FQDN&gt;:8443\/remote\/saml\/logout\/&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set idp-entity-id &#8220;https:\/\/sso.jumpcloud.com\/saml2\/saml2\/探花大神Forti&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set idp-single-sign-on-url &#8220;https:\/\/sso.jumpcloud.com\/saml2\/探花大神Forti&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set idp-single-logout-url &#8220;https:\/\/console.jumpcloud.com\/userconsole&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set idp-cert &#8220;REMOTE_Cert_2&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;set user-name &#8220;email&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;next<\/p>\n\n\n\n<p>End<\/p>\n\n\n<p><\/code><\/p>\n\n\n\n<p>The GUI will display the following, with slight variations such as whether you\u2019ve previously imported a SSL certificate. This example lists \u201cREMOTE_Cert_3,\u201d but the difference is superficial. You may also opt to use a different attribute for authentication such as \u201cusername.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"205\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/identityproviderconfig.jpg\" alt=\"Identity provider configuration for Fortinet\" class=\"wp-image-66068\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/identityproviderconfig.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/identityproviderconfig-300x103.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"261\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/editsinglesignon.jpg\" alt=\"Edit single sign-on \" class=\"wp-image-66069\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/editsinglesignon.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/editsinglesignon-300x131.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"182\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/additionalsamlattributes.jpg\" alt=\"Additional SAML attributes\" class=\"wp-image-66071\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/additionalsamlattributes.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/additionalsamlattributes-300x91.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p>Note that it\u2019s a best practice to replace the default unsigned SSL certificate with one that\u2019s issued by a certificate authority (CA). There\u2019s a built-in interface to use Let\u2019s Encrypt as your CA.<\/p>\n\n\n\n<p>Next, we\u2019re going to first configure the Fortigate SSO user group, followed by the optional step of establishing an SSL VPN configuration, authentication rule, and the requisite firewall rules.<\/p>\n\n\n<p><code><\/p>\n\n\n\n<p># config user group<\/p>\n\n\n\n<p>edit &#8220;ssl-saml-group&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set member &#8220;jc-saml-vpn&#8221;<\/p>\n\n\n\n<p>next<\/p>\n\n\n\n<p>End<\/p>\n\n\n<p><\/code><\/p>\n\n\n\n<p>These firewall rules, derived from a <a href=\"https:\/\/community.fortinet.com\/t5\/FortiGate\/Technical-Tip-Configuring-SAML-SSO-login-for-SSL-VPN-web-mode\/ta-p\/192259\">Fortinet support article<\/a>, are only applicable if you don\u2019t have an existing SSL VPN that has established access control lists and IP assignments. Skip this section if it doesn\u2019t apply.<\/p>\n\n\n<p><code><\/p>\n\n\n\n<p># config vpn ssl settings<\/p>\n\n\n\n<p>set servercert &#8220;self-sign&#8221;<\/p>\n\n\n\n<p>set tunnel-ip-pools &#8220;SSLVPN_TUNNEL_ADDR1&#8221;<\/p>\n\n\n\n<p>set tunnel-ipv6-pools &#8220;SSLVPN_TUNNEL_IPv6_ADDR1&#8221;<\/p>\n\n\n\n<p>set port 8443<\/p>\n\n\n\n<p>set source-interface &#8220;port1&#8221;<\/p>\n\n\n\n<p>set source-address &#8220;all&#8221;<\/p>\n\n\n\n<p>set source-address6 &#8220;all&#8221;<\/p>\n\n\n\n<p>set default-portal &#8220;web-access&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;# config authentication-rule<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; edit 1<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set groups &#8220;ssl-saml-group&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set portal &#8220;web-access&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; next<\/p>\n\n\n\n<p>end<\/p>\n\n\n\n<p>end<\/p>\n\n\n\n<p># config firewall policy<\/p>\n\n\n\n<p>edit 1<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set name &#8220;samltest\u201d<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set srcintf &#8220;ssl.root\u201d<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set srcaddr &#8220;all&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set dstaddr &#8220;all&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set action accept<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set schedule &#8220;always&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set service &#8220;ALL&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set logtraffic all<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set groups &#8220;ssl-saml-ngrp&#8221;<\/p>\n\n\n\n<p>&nbsp;&nbsp;&nbsp;&nbsp; set nat enable<\/p>\n\n\n\n<p>next<\/p>\n\n\n<p><\/code><\/p>\n\n\n\n<p>I followed the steps above for my initial setup in preparation for this article. I find it important to tune my configuration by specifying how IPs are assigned (as well as defining a range) and to modify whether users may access the VPN using FortiClient applications. <\/p>\n\n\n\n<p>However, you should consult your own policies and work with your Fortinet rep if you need any guidance on this. <\/p>\n\n\n\n<p>An example of a tuned configuration is shown below. <\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"301\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/ifconfiggroup.jpg\" alt=\"IF configuration group\" class=\"wp-image-66072\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/ifconfiggroup.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/ifconfiggroup-300x151.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"277\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/limitusersonesslvpn.jpg\" alt=\"Limit users to one SSL-VPN connection at a time\" class=\"wp-image-66073\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/limitusersonesslvpn.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/limitusersonesslvpn-300x139.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p>You\u2019re now ready to move on to the 探花大神 portion of the SSO integration, but keep your Fortinet instance open to retrieve SAML field information and your local SSL certificate.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"anchor-2\">探花大神 Setup<\/h3>\n\n\n\n<p>Your first task is to create a custom SSO connector for Fortinet, but be sure to check and see whether a pre-built connector is available to you. 探花大神 provides hundreds of free connectors as part of your subscription and regularly adds new ones for its users.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Create a SAML Connector<\/h4>\n\n\n\n<p>Navigate to the SSO button in the left panel of your administrative console and hit the \u201cplus\u201d sign. Then, select \u201cCustomer SAML App\u201d (if you\u2019ve searched for a Fortinet connector and there is not one present in the catalog). You may label your connector as well as create a color scheme and logo; this <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-applications-saml-sso2\" target=\"_blank\" rel=\"noreferrer noopener\">SAML how-to article<\/a> goes into greater detail about the steps that are outlined below.&nbsp;<\/p>\n\n\n\n<p>This is the one that we created for this article, as an example.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"330\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/saml2generalinfo.jpg\" alt=\"SAML 2.0 general info tab\" class=\"wp-image-66074\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/saml2generalinfo.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/saml2generalinfo-300x165.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p>The next step is to navigate to the SSO tab. You\u2019ll set an Entity ID that\u2019s unique to your organization\u2019s environment. It\u2019s important to note that this and all the other settings on this screen are case-sensitive on both systems; any typo will result in errors and the integration will fail. Note: It\u2019s a best practice to export\/import metadata, but that\u2019s not an option on the Fortigate GUI.<\/p>\n\n\n\n<ul>\n<li>Fill in the fields from the service provider (Fortinet appliance). They\u2019ll resemble, but will not be identical to these settings:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"457\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/saml2sso.jpg\" alt=\"SAML 2.0 SSO tab\" class=\"wp-image-66075\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/saml2sso.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/saml2sso-300x229.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p><em>Be certain that the entries are identical to your appliance\u2019s settings.<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"623\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/editsinglesignon2.jpg\" alt=\"Verify settings in edit single sign-on\" class=\"wp-image-66076\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/editsinglesignon2.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/editsinglesignon2-289x300.jpg 289w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p><em>This is the view from Fortinet.<\/em><\/p>\n\n\n\n<ul>\n<li>Upload the local Fortinet certificate. Complete instructions for this step can be found in this <a href=\"https:\/\/community.fortinet.com\/t5\/FortiGate\/Technical-Tip-Procedure-for-exporting-and-re-importing-a-local\/ta-p\/193070\" target=\"_blank\" rel=\"noreferrer noopener\">Fortinet support article<\/a>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"97\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/fortinetfactorycertificate.jpg\" alt=\"Fortinet factory certificate\" class=\"wp-image-66077\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/fortinetfactorycertificate.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/fortinetfactorycertificate-300x49.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p>Set SAML Subject NameID as \u201cemail\u201d and select the format in the image below.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"155\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/samlsubjectnameid.jpg\" alt=\"SAML subject name ID\" class=\"wp-image-66078\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/samlsubjectnameid.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/samlsubjectnameid-300x78.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<ul>\n<li>Enter the Default RelayState and Login URL as shown below, but using your FQDN.\n<ul>\n<li>This login URL redirects logins to the 探花大神 User Portal for VPN web portal and tunnel sessions.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"471\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/ssodefaultrelaystate.jpg\" alt=\"SSO default relay state\" class=\"wp-image-66079\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/ssodefaultrelaystate.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/ssodefaultrelaystate-300x236.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<ul>\n<li>Set the user attribute to \u201cemail,\u201d or whichever you prefer to use and map it to \u201cemail.\u201d<\/li>\n<\/ul>\n\n\n\n<p>You will then activate the configuration, which may be modified later. Then, you\u2019ll download the 探花大神 SSL certificate to upload into Fortinet. Make certain the name matches the CLI configuration.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"anchor-3\">Assign Permissions within Groups<\/h4>\n\n\n\n<p>Navigate to the User Groups tab and add a group(s) that should have access to the VPN. The link below is a detailed guide for admins who are uninitiated with 探花大神.<\/p>\n\n\n\n<p><a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-groups\" target=\"_blank\" rel=\"noreferrer noopener\">Geting Started: User Groups<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"231\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/samlusergroups.jpg\" alt=\"SAML 2.0 user groups\" class=\"wp-image-66080\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/samlusergroups.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/samlusergroups-300x116.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p>You may also assign the \u201cFortinet\u201d application to a user group from that interface.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"164\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/fortinetapplications.jpg\" alt=\"Fortinet test applications\" class=\"wp-image-66081\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/fortinetapplications.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/fortinetapplications-300x82.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p>You should now be ready to test your SAML SSO integration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"anchor-4\">Test Your Initial SSO Integration<\/h2>\n\n\n\n<p>Log in as a user that\u2019s bound to the group(s) that you associated with the SAML connector. You\u2019ll be prompted for your 探花大神 credentials and logged into the SSL VPN web portal if it\u2019s successful. <\/p>\n\n\n\n<p>You may also test using the Fortinet login page; it will redirect to 探花大神. This is an important step toward better security, because an attacker that uncovers your firewall\u2019s IP would be redirected to 探花大神 should they decide to attempt to breach it.<\/p>\n\n\n\n<p>You\u2019re also freed from establishing <a href=\"http:\/\/vpn.domain.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">vpn.domain.com<\/a> and can use a GUID or random subdomain.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"293\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/jcuserconsoleapplicationsfortinet.jpg\" alt=\"Fortinet application in 探花大神 user console\" class=\"wp-image-66082\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/jcuserconsoleapplicationsfortinet.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/jcuserconsoleapplicationsfortinet-300x147.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p><em>The VPN Portal will appear as an application within the user console.<\/em><\/p>\n\n\n\n<p>Type this command in the Fortinet CLI to verify connectivity:<\/p>\n\n\n\n<p># get vpn ssl monitor<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"113\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/fortinetclicommandline.jpg\" alt=\"Fortinet CLI command line\" class=\"wp-image-66083\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/fortinetclicommandline.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/fortinetclicommandline-300x57.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p><em>A user has successfully signed into the SSL VPN.<\/em><\/p>\n\n\n\n<p>FortiClient (optional), will redirect to the 探花大神 login for VPN tunnel access. Verify that the firewall allows traffic via port 8443; using that port helps to monitor traffic and won\u2019t clash with admin logins to the appliance of the standard port, 443.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"600\" height=\"479\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/07\/forticlientjclogin.jpg\" alt=\"FortiClient VPN application login with 探花大神\" class=\"wp-image-66084\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/forticlientjclogin.jpg 600w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/07\/forticlientjclogin-300x240.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<p><em>FortiClient loads a session to log into 探花大神.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"anchor-5\">Add 探花大神\u2019s Zero Trust Security<\/h2>\n\n\n\n<p>Additional Zero Trust security is available through <a href=\"https:\/\/jumpcloud.com\/platform\/conditional-access\" target=\"_blank\" rel=\"noreferrer noopener\">探花大神 Conditional Access<\/a>.<\/p>\n\n\n\n<p>Policies are assigned to existing groups or you may create dedicated groups for special requirements. Different groups may have different policies (or no policies). Policies include:<\/p>\n\n\n\n<ul>\n<li><strong>Geofencing:<\/strong> You may whitelist specific countries to access your VPN. Access from countries that aren\u2019t whitelisted will be disallowed.<\/li>\n\n\n\n<li><strong>Require 探花大神 managed devices:<\/strong> IAM is an important security control, but allowing unmanaged devices within the \u201cgates\u201d is akin to the Trojan horse breaching the walls. 探花大神 manages devices across every major OS.<\/li>\n\n\n\n<li><a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/Requiring-MFA-Factor-Types#ConditionalAccessPolicy\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Mandatory MFA<\/strong><\/a><strong>:<\/strong> MFA will challenge users to prove who they say they are using a TOTP code or Push MFA through the <a href=\"https:\/\/jumpcloud.com\/platform\/multi-factor-authentication-mfa\">探花大神 Protect<\/a>\u2122 application. You can determine which type in user setup (we recommend push for better ease of use).<\/li>\n<\/ul>\n\n\n\n<p>Retest your connectivity to ensure that everything works as it should.<\/p>\n\n\n\n<p>You\u2019re now finished integrating 探花大神 with your Fortinet appliance. Your SSL VPN is now remarkably more secure than if you weren\u2019t running with MFA or conditional access policies. Organizations that use Azure AD may utilize delegated authentication where the same Microsoft credentials that they use everywhere else will work with 探花大神 SSO (and more).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Try 探花大神 SSO with Conditional Access<\/h2>\n\n\n\n<p>Firewalls and VPNs are crucial components of perimeter-based security and should be protected. 探花大神 makes it easy to test and extend Azure or Okta with MFA and conditional access for Zero Trust security. <a href=\"http:\/\/console.jumpcloud.com\/signup\" target=\"_blank\" rel=\"noreferrer noopener\">Sign up for a trial of 探花大神 today<\/a> to get started.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>探花大神\u2019s IAM security controls supercharge firewall and SSL VPN security through its directory, conditional access, and MFA.<\/p>\n","protected":false},"author":150,"featured_media":66086,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2781],"tags":[2679,2701,2383,2678,2373,2391,2470,2374],"collection":[2779,2775],"platform":[],"funnel_stage":[3016],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Supercharge Fortinet NGFW Security with 探花大神 SSO - 探花大神<\/title>\n<meta name=\"description\" content=\"探花大神\u2019s IAM security controls supercharge firewall and SSL VPN security through its directory, conditional access, and MFA.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supercharge Fortinet NGFW Security with 探花大神 SSO and Conditional Access\" \/>\n<meta property=\"og:description\" content=\"探花大神\u2019s IAM security controls supercharge firewall and SSL VPN security through its directory, conditional access, and MFA.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access\" \/>\n<meta property=\"og:site_name\" content=\"探花大神\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-13T15:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-29T19:58:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"Supercharge Fortinet NGFW Security with 探花大神 SSO and Conditional Access\",\"datePublished\":\"2022-05-13T15:00:00+00:00\",\"dateModified\":\"2024-01-29T19:58:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access\"},\"wordCount\":1660,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg\",\"keywords\":[\"firewalls\",\"fortinet\",\"multi-factor authentication (MFA)\",\"networking\",\"security\",\"SSO\",\"vpn\",\"zero trust\"],\"articleSection\":[\"How-To\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access\",\"url\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access\",\"name\":\"Supercharge Fortinet NGFW Security with 探花大神 SSO - 探花大神\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg\",\"datePublished\":\"2022-05-13T15:00:00+00:00\",\"dateModified\":\"2024-01-29T19:58:13+00:00\",\"description\":\"探花大神\u2019s IAM security controls supercharge firewall and SSL VPN security through its directory, conditional access, and MFA.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg\",\"width\":600,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Supercharge Fortinet NGFW Security with 探花大神 SSO and Conditional Access\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"探花大神\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"探花大神\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"探花大神\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the 探花大神 Champion for Product, Security. 探花大神 and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Supercharge Fortinet NGFW Security with 探花大神 SSO - 探花大神","description":"探花大神\u2019s IAM security controls supercharge firewall and SSL VPN security through its directory, conditional access, and MFA.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access","og_locale":"en_US","og_type":"article","og_title":"Supercharge Fortinet NGFW Security with 探花大神 SSO and Conditional Access","og_description":"探花大神\u2019s IAM security controls supercharge firewall and SSL VPN security through its directory, conditional access, and MFA.","og_url":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access","og_site_name":"探花大神","article_published_time":"2022-05-13T15:00:00+00:00","article_modified_time":"2024-01-29T19:58:13+00:00","og_image":[{"width":600,"height":400,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg","type":"image\/jpeg"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"Supercharge Fortinet NGFW Security with 探花大神 SSO and Conditional Access","datePublished":"2022-05-13T15:00:00+00:00","dateModified":"2024-01-29T19:58:13+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access"},"wordCount":1660,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg","keywords":["firewalls","fortinet","multi-factor authentication (MFA)","networking","security","SSO","vpn","zero trust"],"articleSection":["How-To"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access","url":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access","name":"Supercharge Fortinet NGFW Security with 探花大神 SSO - 探花大神","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg","datePublished":"2022-05-13T15:00:00+00:00","dateModified":"2024-01-29T19:58:13+00:00","description":"探花大神\u2019s IAM security controls supercharge firewall and SSL VPN security through its directory, conditional access, and MFA.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/fortinetfeaturedimage.jpg","width":600,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/supercharge-fortinet-vpn-security-with-mfa-sso-and-conditional-access#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Supercharge Fortinet NGFW Security with 探花大神 SSO and Conditional Access"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"探花大神","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"探花大神","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"探花大神"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the 探花大神 Champion for Product, Security. 探花大神 and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/62903"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=62903"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/62903\/revisions"}],"predecessor-version":[{"id":104324,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/62903\/revisions\/104324"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/66086"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=62903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=62903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=62903"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=62903"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=62903"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=62903"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=62903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}