Cookbook

Creating a remote SAML server

To create a remote SAML server:
  1. Go to Authentication > Remote Auth. Servers > SAML and select Create New.

    The Create New Remote SAML Server window opens.

  2. Enter a name for the remote SAML server.

    The name of the remote SAML server is then used when configuring SAML single sign-on in Azure.

  3. Set Type to FSSO.

    The Portal URL is the value used as the Sign on URL in the SAML-based Sign-on window under Azure Active Directory > Enterprise applications on the Azure portal.

  4. In Entity ID, enter the SAML SP entity ID.

    The Entity ID is the Identifier (Entity ID) in the Azure portal.

  5. In IdP entity ID, enter the unique name of the SAML IdP.

    The IdP entity ID is Azure AD Identifier in the Azure portal.

  6. In IdP single sign-on URL, enter the identity provider portal URL you want to use for SSO.

    The IdP single sign-on URL is Login URL in the Azure portal.

  7. In IdP certificate fingerprint:
    1. Select Import Certificate.
    2. In the Import Certificate dialog, select Upload a file, browse to the certificate file (base64) you saved earlier, click Open, and then click OK.
  8. Select Enable SAML single logout and, in IdP single logout URL, enter the identity provider URL used to return the SAML logout response to the application.

    The IdP single logout URL is the Logout URL in the Azure portal.

  9. In the Username pane, select Text SAML assertion and enter the text-based SAML assertion attribute from which usernames are obtained.
  10. In the Group Membership pane:
    1. In Obtain group membership from, select Cloud.
    2. In the OAuth server dropdown, select the remote OAuth server created in Creating a remote OAuth server with Azure application ID and authentication key.
  11. Click OK.

The following shows the relation between the Microsoft Azure AD IdP and the remote SAML server.
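Steps 5 through 8 are transcribed by hand from the Azure portal, and the IdP certificate fingerprint in step 7 is what the remote SAML server uses to decide whose assertions to trust, so a typo or a stale certificate download silently breaks, or weakens, the trust. The script below is an added example, not part of the Fortinet cookbook or of any Fortinet or Microsoft tooling: it reads Azure AD federation metadata (the sample metadata, tenant ID, hostnames and certificate bytes are constructed placeholders), pulls out the IdP entity ID, single sign-on URL, single logout URL and signing-certificate fingerprint that map to steps 5 to 8, and checks that the Base64 certificate downloaded separately from the portal matches one of the signing certificates the metadata advertises.

```python
"""Extract the IdP values for the remote SAML server from Azure AD federation
metadata and verify the downloaded Base64 certificate against it.
Added example with constructed data; uses only the Python standard library."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed placeholder: these bytes are not a real X.509 certificate, they
# only stand in for the DER bytes Azure AD would publish in its metadata.
FAKE_CERT_DER = b"placeholder-bytes-standing-in-for-a-DER-certificate"
FAKE_CERT_B64 = base64.b64encode(FAKE_CERT_DER).decode()
# What the "Certificate (Base64)" download from the Azure portal looks like.
FAKE_CERT_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + FAKE_CERT_B64 + "\n-----END CERTIFICATE-----\n"
)

# Constructed sample shaped like Azure AD federation metadata; the all-zero
# tenant ID is a placeholder, not a real tenant.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>__CERT__</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""".replace("__CERT__", FAKE_CERT_B64)


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated uppercase hex digest of DER certificate bytes, the form
    in which certificate fingerprints are normally displayed and compared."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def parse_idp_metadata(xml_text: str) -> dict:
    """Return the IdP entity ID (step 5), SSO URL (step 6), signing-certificate
    fingerprints (step 7) and SLO URL (step 8) from SAML IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def location(tag: str):
        # Prefer the HTTP-Redirect binding, which is what a browser SSO flow uses.
        for svc in idp.findall(f"md:{tag}", NS):
            if svc.get("Binding") == REDIRECT:
                return svc.get("Location")
        return None

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # skip encryption-only keys
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join(c.text.split())))
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {
        "idp_entity_id": root.get("entityID"),
        "idp_sso_url": location("SingleSignOnService"),
        "idp_slo_url": location("SingleLogoutService"),
        "idp_cert_fingerprints": [fingerprint(c) for c in certs],
    }


def pem_to_der(pem: str) -> bytes:
    """Decode a Base64 (PEM) certificate file as downloaded from the portal."""
    body = [ln for ln in pem.splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def downloaded_cert_matches(pem: str, meta: dict) -> bool:
    """True when the downloaded certificate is one the metadata advertises for
    signing; a mismatch usually means a stale download or the wrong app."""
    return fingerprint(pem_to_der(pem)) in meta["idp_cert_fingerprints"]


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    for key, value in meta.items():
        print(f"{key}: {value}")
    print("downloaded certificate matches metadata:",
          downloaded_cert_matches(FAKE_CERT_PEM, meta))
```

To use this against a real tenant, save the federation metadata XML from the enterprise application's SAML-based Sign-on page next to the Base64 certificate, pass the XML text to `parse_idp_metadata` and the certificate text to `downloaded_cert_matches`, and compare the printed fingerprint with what the remote SAML server shows after import. Checking both the SSO and SLO URLs and the fingerprint from one source avoids the common failure where the certificate is rotated in Azure while the imported one on the server is still the old one.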