Fortinet Document Library
Table of Contents
Certificate management
FortiAuthenticator as a Certificate Authority
Creating a new CA on the FortiAuthenticator
Installing the CA on the network
Creating a CSR on the FortiGate
Importing and signing the CSR on the FortiAuthenticator
Importing the local certificate to the FortiGate
Configuring the certificate for the GUI
Results
FortiAuthenticator certificate with SSL inspection
Creating a CSR on the FortiGate
Creating an Intermediate CA on the FortiAuthenticator
Importing the signed certificate on the FortiGate
Configuring full SSL inspection
Results
FortiAuthenticator certificate with SSL inspection using an HSM
Configuring the NetHSM profile on FortiAuthenticator
Creating a local CA certificate using an HSM server
Creating a CSR on the FortiGate
Creating an Intermediate CA on the FortiAuthenticator
Importing the signed certificate on the FortiGate
Configuring full SSL inspection
Results
FortiToken and FortiToken Mobile
FortiToken Mobile Push for SSL VPN
Adding a FortiToken to the FortiAuthenticator
Adding the user to the FortiAuthenticator
Creating the RADIUS client and policy on the FortiAuthenticator
Connecting the FortiGate to the RADIUS server
Configuring the SSL-VPN
Results
Guest Portals
FortiAuthenticator as Guest Portal for FortiWLC
Creating the FortiAuthenticator as RADIUS server on the FortiWLC
Creating the Captive Portal profile on the FortiWLC
Creating the security profile on the FortiWLC
Creating the QoS rule on the FortiWLC
Creating the ESS Profile on the FortiWLC
Creating FortiWLC as RADIUS client on the FortiAuthenticator
Creating the portal and access point on FortiAuthenticator
Creating the portal policy on FortiAuthenticator
Results
MAC authentication bypass
MAC authentication bypass with dynamic VLAN assignment
Configuring MAC authentication bypass on the FortiAuthenticator
Configuring the user group
Configuring RADIUS settings on FortiAuthenticator
Configuring the 3rd-party switch
Results
Self-service Portal
FortiAuthenticator user self-registration
Creating a self-registration user group
Enabling self-registration
Creating a new SMTP server
Results - Self-registration
Results - Administrator approval
VPNs
LDAP authentication for SSL VPN with FortiAuthenticator
Creating the user and user group on the FortiAuthenticator
Creating the LDAP directory tree on the FortiAuthenticator
Connecting the FortiGate to the LDAP server
Creating the LDAP user group on the FortiGate
Configuring the SSL-VPN
Results
SMS two-factor authentication for SSL VPN
Creating an SMS user and user group on the FortiAuthenticator
Configuring the FortiAuthenticator RADIUS client
Configuring the FortiGate authentication settings
Configuring the SSL-VPN
Creating the security policy for VPN access to the Internet
Results
WiFi authentication
Assigning WiFi users to VLANs dynamically
Configuring the FortiAuthenticator
Adding the RADIUS server to the FortiGate
Creating an SSID with dynamic VLAN assignment
Creating the VLAN interfaces
Creating security policies
Creating the FortiAP profile
Connecting and authorizing the FortiAP
Results
WiFi using FortiAuthenticator RADIUS with certificates
Creating a local CA on FortiAuthenticator
Creating a local service certificate on FortiAuthenticator
Configuring RADIUS EAP on FortiAuthenticator
Configuring RADIUS client on FortiAuthenticator
Configuring local user on FortiAuthenticator
Configuring local user certificate on FortiAuthenticator
Creating RADIUS server on FortiGate
Creating WiFi SSID on FortiGate
Exporting user certificate from FortiAuthenticator
Importing user certificate into Windows 10
Configuring Windows 10 wireless profile to use certificate
Results
WiFi RADIUS authentication with FortiAuthenticator
Creating users and user groups on the FortiAuthenticator
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Configuring FortiGate to use the RADIUS server
Creating SSID and set up authentication
Connecting and authorizing the FortiAP
Creating the security policy
Results
WiFi with WSSO using FortiAuthenticator RADIUS and Attributes
Registering the FortiGate as a RADIUS client on the FortiAuthenticator
Creating users on the FortiAuthenticator
Creating user groups on the FortiAuthenticator
Configuring the FortiGate to use the FortiAuthenticator as the RADIUS server
Configuring user groups on the FortiGate
Creating security policies
Configuring the SSID to RADIUS authentication
Results
LDAP Authentication
G Suite integration using LDAP
Generating the G Suite certificate
Importing the certificate to FortiAuthenticator
Configuring LDAP on the FortiAuthenticator
Troubleshooting
SAML Authentication
SAML IdP proxy for Azure
Configuring OAuth settings
Configuring the remote SAML server
Enabling the SAML SP FSSO Portal
Configuring an Azure realm
Configuring SAML IdP settings
Configuring the login page replacement message
Results
SAML IdP proxy for G Suite
Configuring OAuth settings
Configuring the remote SAML server
Enabling the SAML SP FSSO Portal
Configuring a G Suite Realm
Configuring IdP settings
Configuring the login page replacement message
Results
SAML FSSO with FortiAuthenticator and Okta
Configuring DNS and FortiAuthenticator's FQDN
Enabling FSSO and SAML on FortiAuthenticator
Configuring the Okta developer account IdP application
Importing the IdP certificate and metadata on FortiAuthenticator
Configuring FSSO on FortiGate
Office 365 SAML authentication using FortiAuthenticator with 2FA
Configure the remote LDAP server on FortiAuthenticator
Configure SAML settings on FortiAuthenticator
Configure two-factor authentication on FortiAuthenticator
Configure the domain and SAML SP in Microsoft Azure AD PowerShell
Configure Microsoft Azure AD Connect
Results
FortiGate SSL VPN with FortiAuthenticator as the IdP proxy for Azure
Configuring Azure
Configuring FortiAuthenticator
Configuring FortiGate
Results
Computer Authentication
Computer authentication using FortiAuthenticator with MS AD Root CA
Configure the certificates and Root CA
Configure LDAP users on FortiAuthenticator
Configuring the LDAP server
Creating a user realm
Creating a user group
Importing users with a remote user sync rule
Configure RADIUS authentication
Adding RADIUS attributes
Configuring the RADIUS client
Configuring the EAP server certificate
Creating a RADIUS policy
Configuring the RADIUS server on FortiGate
Configure the SSID and interface objects
Results
WiFi onboarding using FortiAuthenticator Smart Connect
Initial settings on FortiAuthenticator
Install certificates
Configure the RADIUS client settings
Configure the local root CA
Configure the EAP server certificate and CA for EAP-TLS
Option A - WiFi onboarding with Smart Connect and G Suite
Configure G Suite LDAPS Integration
Provision the LDAP connector in G Suite
Configure certificates on FortiAuthenticator
Configure the remote LDAP server and users
Configure Smart Connect and the captive portal
Create the Smart Connect profile
Create the captive portal
Create the self-service portal policy
Configure RADIUS settings on FortiAuthenticator
Option B - WiFi onboarding with Smart Connect and Azure
Configure Azure AD DS LDAPS integration
Provision the LDAPS connector in Azure AD DS
Provision the remote LDAP server on FortiAuthenticator
Configure Smart Connect and the captive portal
Create the Smart Connect profile
Create the captive portal
Create the self-service portal policy
Configure RADIUS settings on FortiAuthenticator
FortiGate configuration
Configure the RADIUS server on FortiGate
Create the user group for cloud-based directory user accounts
Provision the Onboarding and Secure WiFi networks
Results
Smart Connect Windows device onboarding process
Smart Connect iOS device onboarding process
Change Log
FortiAuthenticator 6.3.0
Cookbook
LDAP Authentication
This section describes configuring LDAP authentication.