Administration Guide

Service providers

Service providers (SP) can be managed from Authentication > SCIM > Service Provider.

To configure SCIM service provider settings:
  1. In Authentication > SCIM > Service Provider, select Create New.

    The Create New Scim Service Provider window opens.

  2. Enter the following information:

    Edit Service Provider

    Name

    Enter the name for the SCIM SP.

    SCIM endpoint

    Enter the SCIM SP IP address.

    Access token

    Enter the SCIM SP access token.

    Users/Groups To Synchronize

    Remote auth. server

    From the dropdown, select a remote authentication server (LDAP, RADIUS, or SAML) or select local users.

    Synchronization set

    Select from the following two options to synchronize users/groups:

    • All users/groups (default)

    • Custom: Select user groups from the Available Groups list and move them to the Chosen Groups list.

      Only the selected user groups and the members of those user groups are synced.

      For remote LDAP servers, only groups defined by a list of users are included, that is, groups without an LDAP filter.

    User Attributes Mapping

    User name

    Enter the attribute that specifies the user name. Set to userName by default.

    First name

    Enter the attribute that specifies the user's first name. Set to name.givenName by default.

    Last name

    Enter the attribute that specifies the user's last name. Set to name.familyName by default.

    Email

    Enter the attribute that specifies the user's email address. Set to emails[type eq "work"].value by default.

    Phone number

    Enter the attribute that specifies the user's phone number.

    Mobile number

    Enter the attribute that specifies the user's mobile number. Set to phoneNumbers[type eq "mobile"].value by default.

    User display name

    Enter the attribute that specifies the user's display name. Set to displayName by default.

    Company

    Enter the attribute that specifies the user's company. Set to organization by default.

    Department

    Enter the attribute that specifies the user's department. Set to department by default.

    Title

    Enter the attribute that specifies the title. Set to title by default.

    Active

    Enter the attribute that specifies the user status. Set to active by default.

    Custom fields configured in Authentication > User Account Policies > Custom User Fields are available here.

    Group Attributes Mapping

    Group display name

    Enter the attribute that specifies the group's display name. Set to displayName by default.

    Group members

    Enter the attribute that specifies the group's members. Set to members by default.

  3. Click Save.
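
The following is an added example, not Fortinet code. It shows how the default attribute paths in the User Attributes Mapping table address fields of a SCIM 2.0 User resource, including the filtered paths for email and mobile number. The local field names (username, first_name, and so on) and the sample record are hypothetical, and the paths are applied literally as listed in the table; how the product itself serializes users is not stated on this page.

```python
import re

# Default attribute paths from the mapping table; dict keys are hypothetical local field names.
DEFAULT_MAPPING = {
    "username": "userName",
    "first_name": "name.givenName",
    "last_name": "name.familyName",
    "email": 'emails[type eq "work"].value',
    "mobile": 'phoneNumbers[type eq "mobile"].value',
    "display_name": "displayName",
    "company": "organization",
    "department": "department",
    "title": "title",
    "active": "active",
}

# attr[type eq "x"].sub selects one entry of a multi-valued attribute by its "type".
# The space after "eq" is optional here so both spellings of the filter are accepted.
FILTERED = re.compile(r'^(\w+)\[type\s+eq\s*"([^"]+)"\]\.(\w+)$')

def set_path(resource, path, value):
    """Write value into resource at a SCIM attribute path (plain, dotted, or type-filtered)."""
    m = FILTERED.match(path)
    if m:
        attr, type_, sub = m.groups()
        items = resource.setdefault(attr, [])
        entry = next((i for i in items if i.get("type") == type_), None)
        if entry is None:
            entry = {"type": type_}
            items.append(entry)
        entry[sub] = value
        return
    *parents, leaf = path.split(".")
    node = resource
    for p in parents:
        node = node.setdefault(p, {})
    node[leaf] = value

def build_user(record, mapping=DEFAULT_MAPPING):
    """Build a SCIM User resource; fields that are missing or empty are left out."""
    user = {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"]}
    for field, path in mapping.items():
        if record.get(field) not in (None, ""):
            set_path(user, path, record[field])
    return user

# Constructed sample record (not real data); "active": False must survive the mapping.
SAMPLE = {"username": "jdoe", "first_name": "Jane", "last_name": "Doe", "title": "",
          "email": "jdoe@example.com", "mobile": "+1-555-0100", "active": False}
```

Calling build_user(SAMPLE) yields a resource in which a disabled account carries "active": false, which is the value to check on the service provider when confirming that deactivations propagate.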
