When setting up a Fortinet RADIUS app in Okta and assigning it to a certain user/group, that user is not able to access the VPN, and the FortiGate logs show invalid credentials. The following error is seen in the logs: 

Login denied. No matching user is assigned to RADIUS App Fortinet FortiGate

• RADIUS App - Fortinet
• Okta Classic Engine

1. Navigate to the Fortinet RADIUS app in question.
2. Click on the Sign On tab > Edit > change the Application username format to AD SAM Account Name (to match the AD username).

3. Next, unassign all the current users (if any) and reassign them again to reflect the correct username format.