Configuring a downstream FortiGate as an SP
There are two ways to configure the downstream FortiGate:
An SP must be a member of the Security Fabric before you configure it. |
To configure the downstream FortiGate from the root FortiGate:
- Log in to the root FortiGate.
- Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
- In the Topology tree, hover over a FortiGate and click Configure.
The Configure pane opens.
- Select a SAML Single Sign-On option. Auto sets the device to SP mode. Manual allows you to configure the SSO settings by clicking Advanced Options.
-
Select a Default login page option.
-
Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly.
- Enter an IP address in the Management IP/FQDN box.
- Enter a management port in the Management port box.
The Management IP/FQDN will be used by the IdP and so other SPs can redirect to each other. The Management port must be reachable from the user's device.
- Click OK.
To configure the downstream FortiGate within the device:
- Log in to the downstream FortiGate.
- Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
- Select a SAML Single Sign-On option. Auto sets the device to SP mode. Manual allows you to configure the SSO settings by clicking Advanced Options.
- Select a Default login page option.
- Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly.
- Enter an IP address in the Management IP/FQDN box.
- Enter a management port in the Management port box.
The Management IP/FQDN will be used by the IdP and so other SPs can redirect to each other. The Management port must be reachable from the user's device.
- Click OK.