User Guide

Configuring an authentication scheme

Use an authentication scheme to define an authentication process.

To configure an authentication scheme:
  1. Go to Security > Firewall Objects.
  2. Select Authentication Scheme in the firewall object type dropdown.
  3. Click Create, or select an existing authentication scheme from the list and click Edit.
  4. In the form, enter the following information:

    Settings and guidelines:

    Name
        Required. Enter a name for the authentication scheme.

    Method
        Select the authentication method from the following options:
        • Basic: Authenticate using username and password.
        • Digest: Authenticate using digest authentication.
        • Fortinet Single Sign-On (FSSO): Authenticate using Fortinet Single Sign-On.
        • NTLM: Authenticate using Windows NT LAN Manager.
        • SAML: Authenticate using a remote SAML server.
        • Certificate: Authenticate using a local certificate.
        • Form-based: Authenticate using an HTML form.
        • Negotiate: Automatically select Kerberos or NTLM based on availability.
        • RADIUS Single Sign-On (RSSO): Authenticate using a remote RADIUS server.
        • SSH Public Key: Authenticate using a local SSH public key.

    SAML SSO Server
        Select the SSO server.
        This option is only available when Method is set to SAML.

    Timeout
        Enter the timeout, in seconds.
        This option is only available when Method is set to SAML.

    User Database
        Select one of the following options:
        • Local: Use the local FortiPortal user database.
        • Other: Select the user database from the available options in the dropdown.
        This option is only available when Method is set to Basic, Digest, SAML, Form-based, or SSH Public Key.

    Negotiate NTLM
        Enable or disable NTLM negotiation.
        This option is only available when Method is set to Negotiate.

    Kerberos Keytab
        Select a Kerberos keytab.
        This option is only available when Method is set to Negotiate.

    SSH Local CA
        Select a local SSH certificate authority key.
        This option is only available when Method is set to SSH Public Key.

    Domain Controller
        Select an available domain controller.
        This option is only available when Method is set to NTLM or Negotiate.

    FSSO Agent
        Select an FSSO agent.
        This option is only available when Method is set to NTLM or Negotiate.

    Two-Factor Authentication
        Enable or disable two-factor authentication.
        This option is only available when Method is set to Basic or Form-based.

    FSSO Guest
        Enable or disable FSSO guest users.
        This option is only available when Method is set to Basic, Digest, NTLM, SAML, or Negotiate.

  5. Click Save.
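
The table lists, for each setting, the methods it applies to; when reviewing a planned scheme it is often more useful to read it the other way round, per method. The following Python sketch is an added example, not Fortinet code: it transcribes the availability rules from this page, inverts them, and checks planned schemes against them. The function names, the sample schemes and their values (such as `idp-example`) are constructed for illustration.

```python
# Added example: availability rules transcribed from the settings table on this page.
AVAILABLE_WHEN = {
    "SAML SSO Server": {"SAML"},
    "Timeout": {"SAML"},
    "User Database": {"Basic", "Digest", "SAML", "Form-based", "SSH Public Key"},
    "Negotiate NTLM": {"Negotiate"},
    "Kerberos Keytab": {"Negotiate"},
    "SSH Local CA": {"SSH Public Key"},
    "Domain Controller": {"NTLM", "Negotiate"},
    "FSSO Agent": {"NTLM", "Negotiate"},
    "Two-Factor Authentication": {"Basic", "Form-based"},
    "FSSO Guest": {"Basic", "Digest", "NTLM", "SAML", "Negotiate"},
}
METHODS = {"Basic", "Digest", "Fortinet Single Sign-On (FSSO)", "NTLM", "SAML",
           "Certificate", "Form-based", "Negotiate",
           "RADIUS Single Sign-On (RSSO)", "SSH Public Key"}

def options_for(method):
    """Invert the table: the method-dependent settings offered for one method."""
    return sorted(opt for opt, methods in AVAILABLE_WHEN.items() if method in methods)

def review_scheme(scheme):
    """Return findings for one planned scheme (dict of setting name -> value)."""
    findings = []
    if not str(scheme.get("Name", "")).strip():
        findings.append("Name is required")
    method = scheme.get("Method")
    if method not in METHODS:
        return findings + [f"unknown Method: {method!r}"]
    for setting in scheme:
        if setting in ("Name", "Method"):
            continue
        allowed = AVAILABLE_WHEN.get(setting)
        if allowed is None:
            findings.append(f"unknown setting: {setting}")
        elif method not in allowed:
            findings.append(f"{setting} is not available for {method}")
    return findings

# Constructed sample schemes (hypothetical names and values, not from the page).
PLANNED = [
    {"Name": "portal-saml", "Method": "SAML", "SAML SSO Server": "idp-example", "Timeout": 300},
    {"Name": "kerb", "Method": "Negotiate", "Two-Factor Authentication": True},
    {"Name": "", "Method": "Digest", "User Database": "Local"},
]

if __name__ == "__main__":
    for s in PLANNED:
        print(s.get("Name") or "<unnamed>", "->", review_scheme(s) or "ok")
```

Per the table, `options_for` returns an empty list for Certificate, FSSO and RSSO: the page lists no method-dependent settings for them.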
