If required, SSO can be based on RADIUS accounting records. The FortiAuthenticator receives RADIUS accounting packets from a carrier RADIUS server or network device, such as a wireless controller, collects additional group information, and then inserts it into FSSO to be used by multiple FortiGate devices for identity-based policies.
The FortiAuthenticator must be configured as a RADIUS accounting client to the RADIUS server.
To view the RADIUS accounting SSO client list, go to Fortinet SSO Methods > SSO > RADIUS Accounting Sources.
- From the RADIUS accounting SSO client list, select Create New. The Create New RADIUS Accounting SSO Client window opens.
- Enter the following information:

|Field|Description|
|---|---|
|Name|Enter a name in the Name field to identify the RADIUS accounting client on the FortiAuthenticator.|
|Client name/IP|Enter the RADIUS accounting client’s FQDN or IP address.|
|Secret|Enter the RADIUS accounting client’s pre-shared key.|
|Description|Optionally, enter a description of the client.|
|SSO user type|Specify the type of user that the client will provide: external, local, or remote (LDAP server must be selected from the dropdown menu).|
|Strip off prefix or suffix from username if any|Enable to strip prefixes and suffixes from the SSO usernames.|
|RADIUS Attributes|If required, customize the username, client IP, and user group RADIUS attributes to match the ones used in the incoming RADIUS accounting records. See RADIUS attributes.|

- Select OK to apply the changes.
- Enable RADIUS accounting SSO clients by going to Fortinet SSO Methods > SSO > General and selecting Enable RADIUS Accounting SSO clients. See General settings.