Fortinet black logo

SAML Interoperability Guide

Home FortiAuthenticator 6.4.0 SAML Interoperability Guide
6.4.0
6.4.0

FortiAnalyzer

FortiAnalyzer

Note

Before proceeding, ensure that you have configured SAML settings on the FortiAuthenticator. See Configuring SAML settings.
To configure FortiAnalyzer as a service provider:
  1. Create a FortiAnalyzer administrator account.
  2. Configure the FortiAnalyzer as a SAML SP.
  3. Review results.

Create a FortiAnalyzer administrator account

Create an administrator account on FortiAnalyzer that matches a user on the FortiAuthenticator.

To create an administrator account on FortiAnalyzer:
  1. Go to System Settings > Admin > Administrators, and click Create New.
  2. Configure the administrator account settings, and click OK.

Configure the FortiAnalyzer as a SAML SP

In order to complete the following configuration, you will need to simultaneously configure the SAML SP settings on the FortiAuthenticator. This is because some fields required for configuring SP settings on the FortiAuthenticator are only available when configuring the SAML settings on the FortiAnalyzer.

See Configuring SP settings on FortiAuthenticator.

To configure the FortiAnalyzer as a service provider:
  1. Go to System Settings > Admin > SAML SSO.
  2. Select Service Provider (SP) as the Single Sign-On Mode.
  3. Enter the following information:
    • Server Address: Enter the IP address of the FortiAnalyzer.
    • Default Login Page: Select Normal.
    • IdP Type: Select Fortinet.
    • IdP Address: Enter the IP address of the IdP FortiAuthenticator.
    • Prefix: Enter the prefix that was created during SP configuration on FortiAuthenticator.
    • IdP Certificate: Import and select the certificate that was chosen during FortiAuthenticator setup.
  4. Select OK.
    Note

    Make note of the following settings, as they are required during SP configuration on FortiAuthenticator.

    • SP Entity ID
    • SP ACS (Login) URL
    • SP SLS (Logout) URL

Results

When the administrator visits the SP IP address of FQDN, they will see an additional option on the login screen to sign in using SSO.

Previous
Next

FortiAnalyzer

Note

Before proceeding, ensure that you have configured SAML settings on the FortiAuthenticator. See Configuring SAML settings.
To configure FortiAnalyzer as a service provider:
  1. Create a FortiAnalyzer administrator account.
  2. Configure the FortiAnalyzer as a SAML SP.
  3. Review results.

Create a FortiAnalyzer administrator account

Create an administrator account on FortiAnalyzer that matches a user on the FortiAuthenticator.

To create an administrator account on FortiAnalyzer:
  1. Go to System Settings > Admin > Administrators, and click Create New.
  2. Configure the administrator account settings, and click OK.

Configure the FortiAnalyzer as a SAML SP

In order to complete the following configuration, you will need to simultaneously configure the SAML SP settings on the FortiAuthenticator. This is because some fields required for configuring SP settings on the FortiAuthenticator are only available when configuring the SAML settings on the FortiAnalyzer.

See Configuring SP settings on FortiAuthenticator.

To configure the FortiAnalyzer as a service provider:
  1. Go to System Settings > Admin > SAML SSO.
  2. Select Service Provider (SP) as the Single Sign-On Mode.
  3. Enter the following information:
    • Server Address: Enter the IP address of the FortiAnalyzer.
    • Default Login Page: Select Normal.
    • IdP Type: Select Fortinet.
    • IdP Address: Enter the IP address of the IdP FortiAuthenticator.
    • Prefix: Enter the prefix that was created during SP configuration on FortiAuthenticator.
    • IdP Certificate: Import and select the certificate that was chosen during FortiAuthenticator setup.
  4. Select OK.
    Note

    Make note of the following settings, as they are required during SP configuration on FortiAuthenticator.

    • SP Entity ID
    • SP ACS (Login) URL
    • SP SLS (Logout) URL

Results

When the administrator visits the SP IP address of FQDN, they will see an additional option on the login screen to sign in using SSO.

Previous
Next