6.4.0

FortiGate

Before proceeding, ensure that system settings are up to date. See System settings.

FortiGate 7.0.2 was used to perform the testing.

The FortiGate appliance is the gateway to your network; securing remote access, whether administrative access to the appliance itself or VPN access to the network behind it, is therefore critical.

SAML is used to exchange authentication and authorization data between an identity provider (IdP) and a service provider (SP), such as Google Apps, Office 365, Salesforce, or FortiGate. FortiAuthenticator can be configured as an IdP that authenticates users who are not yet authenticated to an SP, based on the trust relationship established between the IdP and the SP.

One advantage of SAML authentication is that two-factor authentication can be provided by the SAML Identity Provider (IdP), so the SP itself does not need to implement it.

This chapter demonstrates configuring SAML SSO using a FortiGate as the SP and FortiAuthenticator as the IdP to allow users to log in through an SSL VPN portal.

See Configuring SAML SSO in the GUI.

To configure SAML SSO using FortiAuthenticator:
  1. Configuring FortiAuthenticator local users and registering a token:
    1. Registering a token
    2. Creating a test user
  2. Configuring a SAML IdP and a service provider:
    1. Configuring FortiAuthenticator IdP
    2. Configuring SP settings on FortiAuthenticator
  3. Configuring the FortiGate SAML-related settings:
    1. Creating a new SAML user and server
  4. Example: FortiGate SSL VPN-related settings:
    1. Adding SAML group to SSL VPN settings example
    2. Configuring a firewall policy to allow SSL VPN access example
