Setting up SAML SSO in FortiAuthenticator

To enable the SAML portal:
  1. Go to Fortinet SSO Methods > SSO > Portal Services.
  2. In the Edit Portal Services Settings window, select Enable SAML portal to enable SAML portal login for SSO.
  3. Click OK.
To configure SAML SSO authentication to use Azure SAML IdP:
  1. Go to Fortinet SSO Methods > SSO > SAML Authentication and select Create New.

    The Create New SAML Identity Provider window opens.

  2. In the Remote SAML server dropdown, select the remote SAML server created in Creating a remote SAML server.
  3. In the Domain Membership pane, enable Get SSO domain name from, and select Username prefix/suffix to obtain the domain name specified in the username.
  4. Click OK to create the new SAML SP portal.
To enable FSSO for FortiGate and define a password:
  1. Go to Fortinet SSO Methods > SSO > General to open the Edit SSO Configuration window.
  2. In the FortiGate pane, select Enable authentication, then enter a secret key, or password, in the Secret key field.
  3. Click OK.
To create a FortiGate filter and include the groups from Azure AD:
  1. Go to Fortinet SSO Methods > SSO > FortiGate Filtering and select Create New.

    The Create New FortiGate Filter window opens.

  2. Enter a name to identify the filter.
  3. In FortiGate name/IP, enter the FortiGate unit’s FQDN or IP address.
  4. In the Fortinet Single Sign-On (FSSO) pane, enable Forward FSSO information for users from the following subset of users/groups/containers only, and include the groups from Azure AD whose information you intend to send to the FortiGate.
  5. Click OK.
