Authentication
The FortiAnalyzer system can authenticate administrators locally, remotely through RADIUS, LDAP, or TACACS+ servers, or with PKI. Remote authentication servers can also be added to authentication groups, which can then be used to authenticate administrators.
Security Assertion Markup Language (SAML) authentication can be enabled across all Security Fabric devices, enabling smooth movement between devices for the administrator. FortiAnalyzer can play the role of the identity provider (IdP), or of the service provider (SP) when an external identity provider is available. See SAML admin authentication.
To use PKI authentication, you must configure the authentication before you create the administrator accounts. See Public Key Infrastructure for more information.
To use remote authentication servers, you must configure the appropriate server entries in the FortiAnalyzer unit for each authentication server in your network. New LDAP remote authentication servers can be added and linked to all ADOMs or specific ADOMs. See LDAP servers, RADIUS servers, TACACS+ servers, and Remote authentication server groups for more information.