Fortinet black logo

Administration Guide

Home FortiAuthenticator 6.6.0 Administration Guide
6.6.0
6.6.1
6.6.0
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.2
6.2.1
6.2.0
6.1.3
6.1.2
6.1.1
6.1.0
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.5.0
5.4.0
5.3.0
5.2.0
5.1.0
5.0.0
4.3.0
4.2.1
4.2.0

OAuth Service

OAuth Service

FortiAuthenticator can act as an authorization server to issue and manage OAuth access tokens via a set of REST API endpoints. An OAuth client is issued an OAuth access token by FortiAuthenticator after successfully providing its login credentials. The OAuth client can then use this access token as proof of authorization to access a third-party service. The third-party service may contact FortiAuthenticator to validate any given OAuth access token.

To enable OAuth service access, enable the OAuth Service (/api/v1/oauth, /api/v1/pushpoll, /guests, /portal) service available when you enable HTTPS (TCP/443) on the applicable network interface(s) under System > Network > Interfaces. See Interfaces.

You can use OpenID Connect (OIDC) by configuring an authentication policy, authorization code, and OIDC claim(s) for participating clients. See Relying Party.

OIDC only works with remote users if their account has been imported to the FortiAuthenticator configuration.

This section contains the following topics:

Previous
Next

OAuth Service

FortiAuthenticator can act as an authorization server to issue and manage OAuth access tokens via a set of REST API endpoints. An OAuth client is issued an OAuth access token by FortiAuthenticator after successfully providing its login credentials. The OAuth client can then use this access token as proof of authorization to access a third-party service. The third-party service may contact FortiAuthenticator to validate any given OAuth access token.

To enable OAuth service access, enable the OAuth Service (/api/v1/oauth, /api/v1/pushpoll, /guests, /portal) service available when you enable HTTPS (TCP/443) on the applicable network interface(s) under System > Network > Interfaces. See Interfaces.

You can use OpenID Connect (OIDC) by configuring an authentication policy, authorization code, and OIDC claim(s) for participating clients. See Relying Party.

OIDC only works with remote users if their account has been imported to the FortiAuthenticator configuration.

This section contains the following topics:

Previous
Next