Fortinet white logo
Fortinet white logo

New Features

SAML SSO wildcard admin user to match all users on IdP server

SAML SSO wildcard admin user to match all users on IdP server

In FortiManager 7.2.0, you can create a SAML SSO wildcard admin user to match all users on the IdP server.

In the following examples, the IdP is configured with the following local users and profiles:

  • test1 is configured with profile1 which specifies access to adom1.
  • test2 is configured with profile2 which specifies access to adom2.
  • test3 is configured with profile3 which specifies access to all ADOMs.

As long as the SP has the same user profile and ADOM names as the IdP, when logging in as an SSO user on the SP, the user is assigned the same profile and ADOMs.

This example assumes that you have already configured SAML SSO in your environment.

To configure a SAML wildcard user with SAML attributes:
  1. On the SAML Identity Provider (IdP), click Create New under SP Settings to configure the service provider.
  2. Attributes for the service provider can be added by clicking Create New under SAML Attributes.
    In this example, the following SAML attributes are used:
    • Name: username, Type: Username
    • Name: adom, Type: ADOM
    • Name: profile, Type: Profile Name

  3. On the SAML Service Provider (SP), create one SAML SSO user and enable the Match all users on remote server option.

  4. Log in to the SP as a local user created on the IdP.

    For example, the local users "test1", "test2", and "test3" have been created on the IdP.

    When logging on to the SP as user "test3", the account has the same ADOM access settings as are configured for local user "test3" on the IdP.

SAML SSO wildcard admin user to match all users on IdP server

SAML SSO wildcard admin user to match all users on IdP server

In FortiManager 7.2.0, you can create a SAML SSO wildcard admin user to match all users on the IdP server.

In the following examples, the IdP is configured with the following local users and profiles:

  • test1 is configured with profile1 which specifies access to adom1.
  • test2 is configured with profile2 which specifies access to adom2.
  • test3 is configured with profile3 which specifies access to all ADOMs.

As long as the SP has the same user profile and ADOM names as the IdP, when logging in as an SSO user on the SP, the user is assigned the same profile and ADOMs.

This example assumes that you have already configured SAML SSO in your environment.

To configure a SAML wildcard user with SAML attributes:
  1. On the SAML Identity Provider (IdP), click Create New under SP Settings to configure the service provider.
  2. Attributes for the service provider can be added by clicking Create New under SAML Attributes.
    In this example, the following SAML attributes are used:
    • Name: username, Type: Username
    • Name: adom, Type: ADOM
    • Name: profile, Type: Profile Name

  3. On the SAML Service Provider (SP), create one SAML SSO user and enable the Match all users on remote server option.

  4. Log in to the SP as a local user created on the IdP.

    For example, the local users "test1", "test2", and "test3" have been created on the IdP.

    When logging on to the SP as user "test3", the account has the same ADOM access settings as are configured for local user "test3" on the IdP.