send AD Group to Radius client as attribute in Multi-Factor Authentication Server

Question

I have a Multi-Factor Authentication Server (ver. 8.0.1.1) and I want to integrate MFA to client Vpn with my fortigate. (FortiClient app on users machines). I already set it with directory integration and radius authentication on mfa server and it works fine. But I need to send ad group attribute to my radius client (fortigate) to create multipule network rules.

Is there any ideas how to provide group attribute?

Any suggestions or articles, Thanks!

Answer 1

@Оразгалиев Ерлан Discussed your issue with my team, below steps should help you to achieve your ask

Configuring RADIUS Attributes:

To complete Radius Authentication, you must configure Multi-Factor Authentication Server in a 6 step process: 

Step 1: Configuring RADIUS clients, such as a VPN

Step 2: Configuring Targets for primary authentication

Step 3: Configuring Attributes for the RADIUS response

Step 4: Configuring Multi-Factor Authentication servers

Step 5: Configuring your RADIUS Client to communicate with Multi-Factor Authentication Server

Step 6: Configuring your RADIUS Server to accept requests from Multi-Factor Authentication Server

Adding, Editing, and Removing Attributes:

This optional step is only necessary if the RADIUS target specified is Windows Domain or LDAP Bind and the RADIUS client expects certain RADIUS attributes to be included in the response.

To work with the Attributes tab:

From the Multi-Factor Authentication Server window, click the RADIUS, Remote Authentication Dial In User Service Authentication icon.

Select the Attributes tab.

Make your selections on the Attributes tab. (Options include Adding, Editing, and Removing Attributes.)

This is talked about in the Help file of the MFA Server, hopefully that helps.

Let me know if you have any further questions, feel free to post back.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.