Creating a realm and RADIUS policy with EAP-TTLS authentication
To create a realm for the Google Workspace LDAP server:
- Go to Authentication > User Management > Realms, click Create New.
- Enter a Name for the realm.
The realm name may only contain letters, numbers, periods, hyphens, and underscores. It cannot start or end with a special character.
- Select the previously configured Google Workspace LDAP server for the realm from the User source dropdown.
- Click OK to create the new realm.
To create a RADIUS policy:
- In Authentication > RADIUS Service > Policies, click Create New.
- For RADIUS clients, enter an identifiable policy name and description, and add the newly created RADIUS client to the policy. Click Next.
- For RADIUS attribute criteria, no settings are required. Click Next.
- For Authentication type, select Password/OTP authentication, enable Accept EAP, then enable EAP-TTLS. Click Next.
This allows EAP-TTLS and PAP to be used in the wireless settings on the user's device.
- For Identity source, choose a username format, and select the realm related to Google Workspace Secure LDAP. Click Next.
- For Authentication factors, select Every configured password and OTP factors, and click Next.
In this menu you can also enable the option to Allow FortiToken Mobile push notifications.
- For RADIUS response, review the policy, and click Save and exit.
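The policy above lets devices use EAP-TTLS and PAP, which carries the password as PAP inside the TLS tunnel, so each client profile should validate the RADIUS server certificate. The following Python script is an added example, not part of the original page or of any Fortinet tooling: it audits a wpa_supplicant configuration for EAP-TTLS/PAP profiles that lack that validation. It assumes Linux clients using wpa_supplicant; the sample profiles, SSIDs, CA path and server name are constructed placeholders.

```python
import re

# Constructed sample wpa_supplicant.conf. SSIDs, CA path and server name are
# placeholders chosen for this example, not values from the page.
SAMPLE_CONF = '''
network={
    ssid="corp-weak"
    key_mgmt=WPA-EAP
    eap=TTLS
    phase2="auth=PAP"
}
network={
    ssid="corp-hardened"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/radius-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=PAP"
}
'''

def parse_networks(text):
    """Return one {key: unquoted value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        pairs = re.findall(r"^\s*(\w+)\s*=\s*(.+?)\s*$", body, re.M)
        nets.append({key: value.strip('"') for key, value in pairs})
    return nets

def audit_ttls_pap(text):
    """List (ssid, missing) for EAP-TTLS/PAP profiles lacking server pinning."""
    findings = []
    for net in parse_networks(text):
        uses_ttls = "TTLS" in net.get("eap", "").upper().split()
        uses_pap = "AUTH=PAP" in net.get("phase2", "").upper()
        if not (uses_ttls and uses_pap):
            continue
        missing = []
        if not net.get("ca_cert"):  # no trust anchor for the RADIUS server
            missing.append("ca_cert")
        if not (net.get("domain_suffix_match") or net.get("domain_match")):
            missing.append("domain_suffix_match")  # server name not checked
        if missing:
            findings.append((net.get("ssid", "?"), missing))
    return findings

if __name__ == "__main__":
    for ssid, missing in audit_ttls_pap(SAMPLE_CONF):
        print(f"{ssid}: EAP-TTLS/PAP without {', '.join(missing)}")
```
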