Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Admin Guide

    Adding user source

    Adding user source

    1. Click Authentication > User Source.

    2. Click Add User Source.

    3. Under Source Information, make the following configurations and click Next.

      Parameter Description
      Name Specify the user source name.
      prefix System-generated; no action is needed.
      Username Attribute Enter a specific attribute in the SAML application or user profile that is used in the username.
      Login Hint Enter a key that help the IdP to identify the user to authenticatem
      Realm Select a realm.
      Interface Select an interface.
      Domain Select a domain to add domain mapping, or click the + sign to add an new domain mapping.

    4. Under Interface Detail, make the following configurations, and click Next.

      Parameter Description
      POST Binding If enabled, SAML messages will be encoded and sent in the body of HTML POST requests.
      Include Subject If enabled, the <Subject> element that specifies the user expected in authentication assertions will included be included. This allows the IdP to bypass the username input on the login page.
      Signing Certificate Upload the signing certificate.
      SP Metadata

      • Entity ID — The Entity ID of the IdP Proxy.

      • ACS URL — The Assertion Consumer Service URL automatically generated for your user source.

      • SLO URL —The Single Logout URL automatically generated for your user source.
      IdP Metadata

      • Entity ID — The Entity ID associated with your IdP.

      • Login URL — The Login URL of your IdP.

      • Logout URL — The Logout URL if your IdP.

    5. Under Attribute Mapping, enter your customized attribute, click the + sign, add the mapped attribute, and click Save.

    For more information, see Using SSO applications.

    Previous
    Next

    Adding user source

    Adding user source

    1. Click Authentication > User Source.

    2. Click Add User Source.

    3. Under Source Information, make the following configurations and click Next.

      Parameter Description
      Name Specify the user source name.
      prefix System-generated; no action is needed.
      Username Attribute Enter a specific attribute in the SAML application or user profile that is used in the username.
      Login Hint Enter a key that help the IdP to identify the user to authenticatem
      Realm Select a realm.
      Interface Select an interface.
      Domain Select a domain to add domain mapping, or click the + sign to add an new domain mapping.

    4. Under Interface Detail, make the following configurations, and click Next.

      Parameter Description
      POST Binding If enabled, SAML messages will be encoded and sent in the body of HTML POST requests.
      Include Subject If enabled, the <Subject> element that specifies the user expected in authentication assertions will included be included. This allows the IdP to bypass the username input on the login page.
      Signing Certificate Upload the signing certificate.
      SP Metadata

      • Entity ID — The Entity ID of the IdP Proxy.

      • ACS URL — The Assertion Consumer Service URL automatically generated for your user source.

      • SLO URL —The Single Logout URL automatically generated for your user source.
      IdP Metadata

      • Entity ID — The Entity ID associated with your IdP.

      • Login URL — The Login URL of your IdP.

      • Logout URL — The Logout URL if your IdP.

    5. Under Attribute Mapping, enter your customized attribute, click the + sign, add the mapped attribute, and click Save.

    For more information, see Using SSO applications.

    Previous
    Next