Configuring FortiAuthenticator IdP

6.4.0

To configure FortiAuthenticator IdP:
  1. Go to Authentication > SAML IdP > General.
  2. Enable SAML Identity Provider portal, and enter the following information:
    • Server address: Enter the device FQDN of the FortiAuthenticator IdP.

      Device FQDN can be configured from the System Information widget in System > Dashboard > Status.

      See Configure the FQDN.

    • Username input format: Select the default username input format.
      The default is username@realm.
    • Realms: In the dropdown, select the local realm.

      Optionally, for group filtering, enable Filter, click the pen icon to edit, select groups from the Available User Groups search box, and click OK.

    • Default IdP certificate: Select a default certificate to use in your SAML configuration.
      The certificate is used in the HTTPS connection to the IdP portal.

  3. Click OK.

    Once the IdP has been configured, you can proceed with setting up the service provider(s) of your choice.

In addition to configuring the SAML IdP settings, you will also need to select and export the default IdP certificate for use on the service providers.

To export the IdP certificate:
  1. Go to Certificate Management > End Entities > Local Services.
  2. Select the certificate used in the SAML IdP and click Export Certificate.
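
Before loading the exported certificate on a service provider, it is worth checking that it matches the FQDN entered as the Server address, is not close to expiry, and recording its fingerprint for comparison on the SP side. The script below is an added example, not Fortinet's own tooling; it assumes the export is PEM-encoded, and the file names and `fac.example.com` FQDN are placeholders.

```shell
#!/usr/bin/env bash
# Added example: sanity-check an exported IdP certificate with openssl.
# Assumption: the export is PEM; for DER, convert first with
#   openssl x509 -inform DER -in idp.cer -out idp.pem

# check_idp_cert CERT_FILE IDP_FQDN MIN_DAYS
# Returns 0 and prints the SHA-256 fingerprint only if the certificate parses,
# covers IDP_FQDN, and remains valid for at least MIN_DAYS more days.
check_idp_cert() {
  local cert="$1" fqdn="$2" min_days="$3"

  # 1. The file must be a parseable X.509 certificate.
  openssl x509 -in "$cert" -noout 2>/dev/null ||
    { echo "not a PEM certificate: $cert" >&2; return 2; }

  # 2. The same certificate serves the IdP portal over HTTPS, so it must
  #    cover the FQDN configured as the Server address.
  if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" |
       grep -q "does match certificate"; then
    echo "certificate does not cover $fqdn" >&2; return 3
  fi

  # 3. Reject certificates that expire within MIN_DAYS; an expired IdP
  #    certificate breaks every SP that trusts it.
  if ! openssl x509 -in "$cert" -noout \
       -checkend $(( min_days * 86400 )) >/dev/null; then
    echo "certificate expires within $min_days days" >&2; return 4
  fi

  # 4. Fingerprint to compare against what each SP shows after import.
  openssl x509 -in "$cert" -noout -fingerprint -sha256 | cut -d= -f2
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the file produced by Export Certificate.
# make_sample_cert OUT_FILE FQDN DAYS
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
    -days "$3" -out "$1" 2>/dev/null
  rm -f "$1.key"
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/idp.pem" fac.example.com 30
check_idp_cert "$demo_dir/idp.pem" fac.example.com 7
```

Run `check_idp_cert` against the real exported file with the FQDN from the Server address field; a non-zero exit status identifies which check failed.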
