Configuring FSSO and SAML on the FortiAuthenticator

  1. Identify where the FortiAuthenticator is in your organization’s DNS hierarchy. On the FortiAuthenticator go to System > Dashboard > Status. Change the Device FQDN to fac.school.net.
  2. Enter the same name for the Host Name.
  3. Configure the FortiAuthenticator as the FSSO server for the FortiGate. Go to Fortinet SSO Methods > SSO > General and set FortiGate SSO options. Make sure to Enable authentication.
  4. Enter a Secret key and select OK to apply your changes.

  5. Then enable the SAML authentication portal. Go to Fortinet SSO Methods > SSO > SAML Authentication and select Enable SAML portal.
  6. You will not yet be able to save the settings on this page, because the IdP information (IDP entity id, IDP single sign-on URL, and IDP certificate fingerprint) still needs to be entered. Fill in these fields once the IdP application configuration is complete.

    The FortiAuthenticator generates the following SAML portal URLs. You will add them to your IdP application configuration:

  • Portal url - Captive Portal URL.
  • Entity id
  • ACS (Login) url - Assertion POST URL used by the SAML IdP.

To determine user group membership, enable Text-based list under SAML assertions and enter Memberof as the attribute name. This field is case-sensitive: the name must match exactly the attribute name the IdP sends in its assertions.

Keep the Edit SAML Portal Settings window open for reference when you are configuring the IdP application and for testing.
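As an added example (not part of this cookbook or any Fortinet code), the following Python check shows the two things the FortiAuthenticator SAML portal depends on from the IdP side: the Response must be addressed to the ACS (Login) URL, and group membership must arrive in an attribute named exactly Memberof. The SAML Response, the ACS path and the group names are constructed placeholders; only the SAML 2.0 namespaces are real.

```python
# Added example, not Fortinet's code. Parses a constructed SAML Response and checks
# the Destination against the portal's ACS (Login) URL and reads the text-based
# group list from the attribute named exactly "Memberof" (case-sensitive).
import xml.etree.ElementTree as ET

NS = {  # standard SAML 2.0 namespaces
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Placeholder: the real ACS (Login) URL is shown in Edit SAML Portal Settings.
ACS_URL = "https://fac.school.net/saml-portal/acs"

# Constructed sample response; note the second attribute uses the wrong case.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://fac.school.net/saml-portal/acs">
  <saml:Assertion>
    <saml:Subject><saml:NameID>student1@school.net</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="Memberof">
        <saml:AttributeValue>Students</saml:AttributeValue>
        <saml:AttributeValue>Library</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>WrongCase</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_groups(response_xml: str, attr_name: str = "Memberof") -> list:
    """Return the values of the attribute whose Name equals attr_name exactly.

    The comparison is deliberately case-sensitive, mirroring the Memberof
    setting on the FortiAuthenticator: "memberOf" is not a match.
    """
    root = ET.fromstring(response_xml)
    groups = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            groups.extend(v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text)
    return groups


def check_destination(response_xml: str, acs_url: str = ACS_URL) -> bool:
    """True when the Response is addressed to the portal's ACS (Login) URL."""
    return ET.fromstring(response_xml).get("Destination") == acs_url


if __name__ == "__main__":
    print(check_destination(SAMPLE_RESPONSE), extract_groups(SAMPLE_RESPONSE))
```

An empty group list from an assertion that clearly carries groups usually means the IdP attribute name differs in case from Memberof.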