Fortinet black logo

Cookbook

Logging in to a downstream FortiGate SP in another Security Fabric

Copy Link
Copy Doc ID 3c219ad1-1ba7-11ea-9384-00505692583a:144164
Download PDF

Logging in to a downstream FortiGate SP in another Security Fabric

This example describes how to log in to one downstream FortiGate SP in a Security Fabric, and then open another tab in your browser to connect to another FortiGate SP that is not a member of the Security Fabric.

To log in to a downstream FortiGate SP in another Security Fabric:
  1. Open a tab in a browser, and log in to a downstream FortiGate SP using your SSO administrator account.

    In this example, the SSO administrator account is named test3.

  2. Open a new tab in the browser, and log in to a FortiGate SP that is not a member of the Security Fabric but uses the root FortiGate IdP in the Security Fabric as the identity provider.

    Although the administrator named test3 on the root FortiGate IdP was used for authentication on both systems, SSO administrator names on different FortiGate SPs can vary, depending on what was configured as the SAML attribute type for the specific FortiGate SP on the root FortiGate IdP. This is useful in cases where the SSO administrator and the local system administrator on the FortiGate SP both have the same login name, but are two different entities.

Logging in to a downstream FortiGate SP in another Security Fabric

This example describes how to log in to one downstream FortiGate SP in a Security Fabric, and then open another tab in your browser to connect to another FortiGate SP that is not a member of the Security Fabric.

To log in to a downstream FortiGate SP in another Security Fabric:
  1. Open a tab in a browser, and log in to a downstream FortiGate SP using your SSO administrator account.

    In this example, the SSO administrator account is named test3.

  2. Open a new tab in the browser, and log in to a FortiGate SP that is not a member of the Security Fabric but uses the root FortiGate IdP in the Security Fabric as the identity provider.

    Although the administrator named test3 on the root FortiGate IdP was used for authentication on both systems, SSO administrator names on different FortiGate SPs can vary, depending on what was configured as the SAML attribute type for the specific FortiGate SP on the root FortiGate IdP. This is useful in cases where the SSO administrator and the local system administrator on the FortiGate SP both have the same login name, but are two different entities.