- Go to Authentication > RADIUS Service > Policies, and click Create New.
- Under RADIUS clients, set the following and then click Next:
  - Policy Name: Enter a name for the policy, for example EAP-TLS Policy G Suite.
  - Description: Enter an optional description, for example EAP-TLS Policy for User Authentication.
  - RADIUS Clients: Add the FortiGate to the Chosen RADIUS Clients section.
- Under RADIUS attribute criteria, click Next without making changes.
- Under Authentication type, select Client Certificates (EAP-TLS), and click Next.
- Under Identity source, set the following and then click Next:
  - Username format: Select your preferred format, for example username@realm.
  - Realms: Select the realm that you set up to communicate with ldap.google.com, for example fortixpert.com.
- Under Authentication factors, click Next without making changes.
- Under RADIUS response, validate that the EAP-TLS response is as expected, and click Save and exit.