Administration Guide

SSO users and groups

To manage SSO users and groups, go to Fortinet SSO Methods > SSO > SSO Users or SSO Groups.

The following options are available:

Create New

Select to create a new user or group.

In the Create New SSO User window:

  1. Enter a name for the user.
  2. Select Save.

In the Create New SSO Group window:

  1. Enter a name for the SSO group.
  2. In Azure UUID, enter the Azure Universally Unique Identifier (UUID).
  3. Select Save.

Import

Import SSO users or groups from a remote LDAP server.

Delete

Delete the selected users or groups.

Edit

Edit the selected user or group.

Name

The SSO user or group names.

Created/Imported

Displays whether the user or user group was created or imported.

FortiAuthenticator SSO user groups cannot be used directly in a security policy on a FortiGate device. An FSSO user group must be created on the FortiGate unit, then the FortiAuthenticator SSO groups must be added to it. FortiGate FSSO user groups are available for selection in identity-based security policies. See the FortiOS Handbook for more information.

To import SSO users or groups:
  1. In the SSO Users or SSO Groups list, select Import.
    • In the Import SSO Users window, select whether to import the DN or Username, select a remote LDAP server from the Remote LDAP Server dropdown menu, then select Import.
    • In the Import SSO Groups window, select a remote LDAP server from the Remote LDAP Server dropdown menu and select Import. Alternatively, select Azure ADFS and specify the Graph API Service Root, Client ID, and Client key.

      To be able to select a remote SAML server, you must enable the SAML portal service.

    An LDAP server must already be configured before it can be selected in the dropdown menu. See LDAP service for more information on adding a remote LDAP server.
  2. The Import SSO Users or Import SSO Groups window opens in a new browser window.

    The Distinguished name field is filled in automatically when you select a remote LDAP server from the Remote LDAP Server dropdown.

  3. Optionally, enter a Filter string to reduce the number of entries returned, then select Apply; select Clear to clear the filter.

    For example, uid=j* returns only user IDs beginning with “j”.

  4. The default configuration imports the attributes commonly associated with Microsoft Active Directory LDAP implementations. To edit the remote LDAP user mapping attributes, select User attributes.

    Selecting a field, FirstName for example, presents a list of attributes that have been detected and can be selected. This list is not exhaustive; other attributes that are not displayed may be available for import. Consult your LDAP administrator for a list of available attributes.

  5. Select the entries you want to import.
  6. Select OK to import the users or groups.
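The following is an added example, not FortiAuthenticator code: it previews what an import with a given Filter string would select from a set of constructed directory entries, using a hypothetical default attribute mapping modelled on the Active Directory attributes the import targets. It reports which mapped fields an entry lacks, so an administrator can check a filter such as uid=j* and the attribute mapping before running the real import.

```python
"""Preview an SSO user import: LDAP filter plus attribute mapping (added example)."""
import re

# Constructed sample directory entries; not real data.
ENTRIES = [
    {"dn": "CN=Jane Doe,OU=Staff,DC=example,DC=com", "uid": "jdoe", "sAMAccountName": "jdoe",
     "givenName": "Jane", "sn": "Doe", "mail": "jdoe@example.com"},
    {"dn": "CN=John Roe,OU=Staff,DC=example,DC=com", "uid": "jroe", "sAMAccountName": "jroe",
     "givenName": "John", "sn": "Roe"},  # no mail attribute: Email will be missing
    {"dn": "CN=Alice Poe,OU=Staff,DC=example,DC=com", "uid": "apoe", "sAMAccountName": "apoe",
     "givenName": "Alice", "sn": "Poe", "mail": "apoe@example.com"},
]

# Hypothetical default mapping from import fields to AD LDAP attributes (an assumption,
# not the product's actual table; edit it as you would under User attributes).
DEFAULT_MAPPING = {"Username": "sAMAccountName", "FirstName": "givenName",
                   "LastName": "sn", "Email": "mail"}


def matches(entry, filter_str):
    """True if entry satisfies an 'attr=value' filter; a trailing '*' is a prefix match.
    Surrounding parentheses are tolerated. Attribute names and values are compared
    case-insensitively, which is how most directories treat them."""
    m = re.fullmatch(r"\(?\s*([A-Za-z][\w-]*)=([^()]*)\)?", filter_str.strip())
    if not m:
        raise ValueError(f"unsupported filter: {filter_str!r}")
    attr, pattern = m.group(1).lower(), m.group(2)
    values = [str(v) for k, v in entry.items() if k.lower() == attr]
    if pattern.endswith("*"):
        return any(v.lower().startswith(pattern[:-1].lower()) for v in values)
    return any(v.lower() == pattern.lower() for v in values)


def preview_import(entries, filter_str, identifier="Username", mapping=DEFAULT_MAPPING):
    """Return the users an import would create: the identifier (DN or mapped Username),
    the mapped fields, and the names of mapped fields the entry does not carry."""
    result = []
    for e in entries:
        if not matches(e, filter_str):
            continue
        fields = {f: e.get(a) for f, a in mapping.items()}
        missing = sorted(f for f, v in fields.items() if v is None)
        ident = e["dn"] if identifier == "DN" else fields["Username"]
        result.append({"id": ident, "fields": fields, "missing": missing})
    return result


if __name__ == "__main__":
    for user in preview_import(ENTRIES, "uid=j*"):
        print(user["id"], "missing:", user["missing"] or "none")
```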