
Configuring single-sign-on in the Security Fabric


SAML SSO enables a single FortiGate device to act as the identity provider (IdP), while other FortiGate devices act as service providers (SP) and redirect logins to the IdP.

Note

Only the root FortiGate can be the identity provider (IdP). The downstream FortiGates can be configured as service providers (SP).

The process is as follows:

  1. Configuring the root FortiGate as the IdP
  2. Configuring a downstream FortiGate as an SP
  3. Configuring certificates for SAML SSO
  4. Verifying the single-sign-on configuration

You can also use the CLI. See CLI commands for SAML SSO.
