Fortinet black logo

Administration Guide

OAUTH

OAUTH

FortiAuthenticator can be configured to connect to remote OAuth servers to dynamically look up group memberships from third-party SAML identify providers, such as G Suite and Azure, for SAML SP FSSO.

To add a remote OAuth Server:
  1. Go to Authentication > Remote Auth. Servers > OAUTH and select Create New.
  2. The Create New Remote OAuth Server window appears.

  3. Enter the following information:
    Name Enter the name for the remote OAuth server on FortiAuthenticator.
    OAuth source

    Select Facebook, Google, LinkedIn, Twitter, Azure Directory, or G Suite Directory as the OAuth source.

    For Facebook, Google, LinkedIn, and Twitter, enter the Key and Secret for the selected OAuth source.

    For Azure Directory, enter the Client ID and Client Key for the Azure Directory.

    For G Suite Directory, enter the G-suite admin and select and upload the Service account key file (.json) for the G Suite Directory.

    Key

    Enter the OAuth application key for the selected OAuth source. This option is only available when Facebook, Google, LinkedIn, or Twitter is selected as an OAuth source.

    Secret

    Enter the OAuth application secret for the selected OAuth source .This option is only available when Facebook, Google, LinkedIn, or Twitter is selected as an OAuth source.

    Client ID

    Enter the application ID for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

    Client Key

    Enter the key for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

    G-suite admin

    Enter the G Suite admin username for the G Suite Directory application. This option is only available when G Suite Directory is selected as an OAuth source.

    Service account key file (.json)

    Select and upload the service account key file for the G Suite Directory application, obtained from the Google developers portal. This option is only available when G Suite Directory is selected as an OAuth source.

  4. Select OK to add the remote OAuth server.

OAUTH

FortiAuthenticator can be configured to connect to remote OAuth servers to dynamically look up group memberships from third-party SAML identify providers, such as G Suite and Azure, for SAML SP FSSO.

To add a remote OAuth Server:
  1. Go to Authentication > Remote Auth. Servers > OAUTH and select Create New.
  2. The Create New Remote OAuth Server window appears.

  3. Enter the following information:
    Name Enter the name for the remote OAuth server on FortiAuthenticator.
    OAuth source

    Select Facebook, Google, LinkedIn, Twitter, Azure Directory, or G Suite Directory as the OAuth source.

    For Facebook, Google, LinkedIn, and Twitter, enter the Key and Secret for the selected OAuth source.

    For Azure Directory, enter the Client ID and Client Key for the Azure Directory.

    For G Suite Directory, enter the G-suite admin and select and upload the Service account key file (.json) for the G Suite Directory.

    Key

    Enter the OAuth application key for the selected OAuth source. This option is only available when Facebook, Google, LinkedIn, or Twitter is selected as an OAuth source.

    Secret

    Enter the OAuth application secret for the selected OAuth source .This option is only available when Facebook, Google, LinkedIn, or Twitter is selected as an OAuth source.

    Client ID

    Enter the application ID for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

    Client Key

    Enter the key for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

    G-suite admin

    Enter the G Suite admin username for the G Suite Directory application. This option is only available when G Suite Directory is selected as an OAuth source.

    Service account key file (.json)

    Select and upload the service account key file for the G Suite Directory application, obtained from the Google developers portal. This option is only available when G Suite Directory is selected as an OAuth source.

  4. Select OK to add the remote OAuth server.