FortiGate SSL-VPN Bookmark with Single Sign-On to OWA

When setting up the VPN portal(s) for employees on a FortiGate, you can define bookmarks.

A bookmark is an icon showing up on the VPN portal after the user has logged in. By clicking on such a bookmark, the user can then access internal resources like file servers or start a remote connection to a server via RDP, SSH and so on.

All traffic from the user’s computer to the requested target is tunneled through the SSL connection to the FortiGate. This means that no ports other than TCP 443 are used to access the various services.

When creating these bookmarks, you can choose whether to pre-define the credentials for the respective connection. If you want to (and the target system supports it), you can enable Single Sign-On (SSO) to forward the credentials that were used to log into the VPN tunnel.

One of the bookmarks many people struggle with is Outlook Web App (OWA).

In order to be able to use SSO and forward the VPN tunnel credentials to OWA, you need to use the following URL in the bookmark:

https://<URL of your Exchange Server>/owa/auth/logon.aspx?replaceCurrent=1

Using this URL in a bookmark not only pastes the credentials used for the VPN tunnel into the login page of OWA, but also automatically opens the user’s mailbox.
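The same bookmark expressed in the FortiOS CLI, as an added example that is not part of the original post. It assumes FortiOS 6.x syntax (option names can differ between releases), a portal named `full-access`, the GUI bookmark group `gui-bookmarks`, and the placeholder host `mail.example.com` for your Exchange server:

```fortios
# Added example, not from the original post. Assumed: FortiOS 6.x syntax,
# portal "full-access", group "gui-bookmarks", placeholder host mail.example.com.
config vpn ssl web portal
    edit "full-access"
        set web-mode enable
        config bookmark-group
            edit "gui-bookmarks"
                config bookmarks
                    edit "OWA"
                        set apptype web
                        set url "https://mail.example.com/owa/auth/logon.aspx?replaceCurrent=1"
                        # Forward the credentials used for the SSL-VPN login
                        set sso auto
                        set sso-credential sslvpn-login
                    next
                end
            next
        end
    next
end
```

Because the bookmark forwards the VPN login as-is, the SSL-VPN account and the mailbox account must share the same username and password, for example by authenticating both against the same directory.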

Thanks for reading,

