Configuring an authentication scheme
Use an authentication scheme to define an authentication process.
To configure an authentication scheme:
- Go to Security > Firewall Objects.
- Select Authentication Scheme in the firewall object type dropdown.
- Click Create, or select an existing authentication scheme from the list and click Edit.
- In the form, enter the following information. Each setting is listed with its guideline:
  - Name: Required. Enter a name for the authentication scheme.
  - Method: Select the authentication method from the following options:
    - Basic: Authenticate using username and password.
    - Digest: Authenticate using digest authentication.
    - Fortinet Single Sign-On (FSSO): Authenticate using Fortinet Single Sign-On.
    - NTLM: Authenticate using Windows NT LAN Manager.
    - SAML: Authenticate using a remote SAML server.
    - Certificate: Authenticate using a local certificate.
    - Form-based: Authenticate using an HTML form.
    - Negotiate: Automatically select Kerberos or NTLM based on availability.
    - RADIUS Single Sign-On (RSSO): Authenticate using a remote RADIUS server.
    - SSH Public Key: Authenticate using a local SSH public key.
  - SAML SSO Server: Select the SSO server. This option is only available when Method is set to SAML.
  - Timeout: Enter the timeout, in seconds. This option is only available when Method is set to SAML.
  - User Database: Select one of the following options:
    - Local: Use the local FortiPortal user database.
    - Other: Select the user database from the available options in the dropdown.

    This option is only available when Method is set to Basic, Digest, SAML, Form-based, or SSH Public Key.
  - Negotiate NTLM: Enable or disable NTLM negotiation. This option is only available when Method is set to Negotiate.
  - Kerberos Keytab: Select a Kerberos keytab. This option is only available when Method is set to Negotiate.
  - SSH Local CA: Select a local SSH certificate authority key. This option is only available when Method is set to SSH Public Key.
  - Domain Controller: Select an available domain controller. This option is only available when Method is set to NTLM or Negotiate.
  - FSSO Agent: Select an FSSO agent. This option is only available when Method is set to NTLM or Negotiate.
  - Two-Factor Authentication: Enable or disable two-factor authentication. This option is only available when Method is set to Basic or Form-based.
  - FSSO Guest: Enable or disable FSSO guest users. This option is only available when Method is set to Basic, Digest, NTLM, SAML, or Negotiate.
- Click Save.