Fortinet black logo

Administration Guide

Home FortiPortal 7.0.3 Administration Guide
7.0.3
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.3.8
5.3.7
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.0
5.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0

Mapping IDP server roles user to FortiPortal profiles

Mapping IDP server roles user to FortiPortal profiles

The site administrator can create profiles on FortiPortal to restrict access to UI pages or actions. These profiles can be mapped to existing roles on the IPD server.

When users are authenticated, the user role noted in the SAML assertion from the IDP server is mapped to a profile in FortiPortaland the appropriate permissions are provided to the user.

Site administrators do not need to change or add permissions on the IDP server exclusively for FortiPortal.

FortiPortal profiles can be mapped to IDP server roles prior to setting up an SSO provider. The IDP role name will be matched to any IDP servers that are added.

To map IDP roles to FortiPortal profiles:
  1. Go to System > Settings > Authentication.
  2. In Authentication Access, select Remote.
  3. In the Remote Server dropdown, select SSO.
  4. Select View SSO Roles.
    The SSO Roles window opens.
  5. Select Create.
  6. In the Create Role window, enter the Role Name (this name must be an SSO role). Select the Role Type.
  7. Select a FortiPortal profile to associate with this SSO role. See Profiles for more information about creating profiles.
  8. Click Save.
Previous
Next

Mapping IDP server roles user to FortiPortal profiles

The site administrator can create profiles on FortiPortal to restrict access to UI pages or actions. These profiles can be mapped to existing roles on the IPD server.

When users are authenticated, the user role noted in the SAML assertion from the IDP server is mapped to a profile in FortiPortaland the appropriate permissions are provided to the user.

Site administrators do not need to change or add permissions on the IDP server exclusively for FortiPortal.

FortiPortal profiles can be mapped to IDP server roles prior to setting up an SSO provider. The IDP role name will be matched to any IDP servers that are added.

To map IDP roles to FortiPortal profiles:
  1. Go to System > Settings > Authentication.
  2. In Authentication Access, select Remote.
  3. In the Remote Server dropdown, select SSO.
  4. Select View SSO Roles.
    The SSO Roles window opens.
  5. Select Create.
  6. In the Create Role window, enter the Role Name (this name must be an SSO role). Select the Role Type.
  7. Select a FortiPortal profile to associate with this SSO role. See Profiles for more information about creating profiles.
  8. Click Save.
Previous
Next