SAML integration to Microsoft Entra ID with VPN authentication

Options
Rebbe
Rebbe Posts: 3 image  Freshman Member
First Comment Friend Collector
in Security Ideas

We would like to request the implementation of SAML 2.0 support in the Zyxel USG H Series firewalls to enable Client VPN authentication via Microsoft Entra ID.

Currently, achieving this setup requires our customers to deploy a costly Site-to-Site VPN to Azure and maintain Microsoft Entra Domain Services, which adds complexity and expense. Competing vendors, such as Fortinet, offer native support for SAML 2.0 in their firewalls, making it significantly easier to integrate with modern identity providers like Microsoft Entra ID.

We believe that adding SAML 2.0 support to Zyxel’s product line would greatly enhance its competitiveness and usability in modern cloud-integrated environments.

4
Up Down
4 votes

Active · Last Updated

Comments

  • Zyxel_Tina
    Zyxel_Tina Posts: 637 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments

    Hi @Rebbe,

    Thank you for your input!

    After checking, Microsoft Entra ID integration will be supported in the next firmware release (v1.37). Please note that this implementation will use OAuth 2.0 instead of SAML 2.0.

    Zyxel Tina

  • Zulgrib
    Zulgrib Posts: 48 image  Freshman Member
    First Answer First Comment Friend Collector Fifth Anniversary

    Will it be generic OAuth 2.0 or Entra specific ?

  • Rebbe
    Rebbe Posts: 3 image  Freshman Member
    First Comment Friend Collector
    https://community.zyxel.com/en/discussion/comment/81617#Comment_81617

    Hi Tina. Once again, I just have to say that Zyxel is disappointing. Only SSL VPN is supported in the new version 1.37 firmware 🙄🙄🙄. We need IPsec Client VPN to be able to log in using Microsoft Entra ID — why isn’t that just a standard feature? I really don’t understand it.

  • Zyxel_Tina
    Zyxel_Tina Posts: 637 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments

    Hi @Rebbe,

    Thank you for your feedback—we truly appreciate it and understand your frustration with the VPN options in firmware 1.37.

    After checking, we confirm that IPsec Client VPN with Microsoft Entra ID integration requires extensive customization, which is not in our current roadmap. We're focusing on enhancing SSL VPN as the standard, secure solution instead.

    Therefore, please use SSL VPN with Microsoft Entra ID. Alternatively, if you would like to use 2FA, you may refer to this article to integrate VPN client authentication with Duo Security’s 2FA:

    https://community.zyxel.com/en/discussion/31986/duo-security-authentication-integration-guide

    Zyxel Tina

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)