Configuring an application on OneLogin

To configure a OneLogin application:
  1. In the SAML Custom Connector (Advanced) window that opens after step 7 in Creating an OneLogin application, go to the Configuration tab.

    Alternatively, go to Applications > Applications, from the applications list select your application, and then go to the Configuration tab.

  2. In Audience (Entity ID), enter the Entity ID from the remote SAML server configuration on FortiAuthenticator.
  3. In ACS (Consumer) URL Validator, enter the modified ACS (login) URL from the remote SAML server configuration on FortiAuthenticator.

    The ACS (Consumer) URL Validator must start with a “^”, end with a “$”, and have a “\” preceding every “/”, “?” and “.”.

    See the screenshot below.

  4. In ACS (Consumer) URL, enter the ACS (login) URL from the remote SAML server configuration on FortiAuthenticator.
  5. In Single Logout URL, enter the SLS (logout) URL from the remote SAML server configuration on FortiAuthenticator.
  6. In Login URL, enter the Portal URL from the remote SAML server configuration on FortiAuthenticator.
  7. SAML not valid before and SAML not valid on or after may be changed as required.
  8. Ensure that SAML initiator is set as OneLogin.
  9. Ensure that SAML nameID format is set as Email.
  10. Ensure that SAML issuer type is set as Specific.
  11. In the SAML signature element dropdown, select Both.
  12. Click Save.

    The parameters entered when configuring the application on OneLogin must match the remote SAML server configuration on FortiAuthenticator.

    See Configuring a remote SAML server.
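
The escaping rule in step 3 can be checked before the value is pasted into OneLogin. The following is an added example, not part of the Fortinet or OneLogin documentation: it builds the ACS (Consumer) URL Validator from an ACS (login) URL and shows what the anchors and backslashes change. The URL is a constructed placeholder, the function names are hypothetical, and Python's `re` module stands in for OneLogin's own pattern matching.

```python
import re

ESCAPED = "/?."  # characters that step 3 says must be preceded by a backslash

# Constructed placeholder; use the ACS (login) URL shown on FortiAuthenticator.
ACS_URL = "https://fac.example.com/saml-sp/demo/login/?acs"


def build_acs_validator(acs_url):
    """Apply the rule from step 3: ^ at the start, $ at the end, \\ before / ? ."""
    body = "".join("\\" + ch if ch in ESCAPED else ch for ch in acs_url)
    return "^" + body + "$"


def validator_problems(validator):
    """List every way a validator string breaks the rule (empty list = OK)."""
    problems = []
    if not validator.startswith("^"):
        problems.append("missing leading ^")
    if not validator.endswith("$"):
        problems.append("missing trailing $")
    for i, ch in enumerate(validator):
        if ch in ESCAPED and (i == 0 or validator[i - 1] != "\\"):
            problems.append("unescaped %r at position %d" % (ch, i))
    return problems


def accepts(validator, url):
    """True if the validator pattern matches the URL (unanchored search)."""
    return re.search(validator, url) is not None


VALIDATOR = build_acs_validator(ACS_URL)

if __name__ == "__main__":
    print("Validator:", VALIDATOR)
    print("Problems :", validator_problems(VALIDATOR))
    print("Accepts the configured ACS URL:", accepts(VALIDATOR, ACS_URL))
    # The trailing $ rejects anything appended to the configured URL.
    print("Accepts URL with extra suffix :",
          accepts(VALIDATOR, ACS_URL + ".other.example"))
    # Without escaping, "?" and "." act as regex operators, so the pattern
    # no longer matches the real ACS URL and sign-in would fail validation.
    unescaped = "^" + ACS_URL + "$"
    print("Unescaped problems:", len(validator_problems(unescaped)))
    print("Unescaped accepts the ACS URL:", accepts(unescaped, ACS_URL))
```
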
