Configuring Captive Portal and security policies
- On the FortiGate, go to Network > Interfaces and edit the internal interface.
  Under Admission Control, set Security Mode to Captive Portal.
  Set Authentication Portal to External, and enter the SAML authentication portal URL.
  Set User Access to Restricted to Groups, and set User Groups to any local group, as you’ll notice the FSSO group is not available; this local group won’t be used for access.
- Next go to Policy & Objects > Addresses and add the FortiAuthenticator as an address object.
- Then create five FQDN objects: one for your Okta developer page and the following:
  - eum-col.appdynamics.com
  - login.okta.com
  - ocsp.digicert.com
  - op1static.oktacdn.com
  As these are FQDNs, make sure to set Type to FQDN.
config firewall policy
    edit <policy_id>
        set captive-portal-exempt enable
    next
end
This command will exempt users of this policy from the captive portal interface.
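A check that can be run over a configuration backup, as an added example that is not part of the original page: it flags policies with captive-portal-exempt enabled whose destinations go beyond the address objects created above. The object names for the FortiAuthenticator and the Okta developer page, the sample configuration, and the assumption that exempt policies should reach only those objects are not from the page.

```python
import shlex

# Destinations an exempt policy may reach. The first two are hypothetical object
# names (assumptions) for the FortiAuthenticator and the Okta developer page.
ALLOWED_DST = {"FortiAuthenticator", "okta-developer-page",
               "eum-col.appdynamics.com", "login.okta.com",
               "ocsp.digicert.com", "op1static.oktacdn.com"}

# Constructed sample of a FortiOS configuration backup (not from the page).
SAMPLE_CONFIG = """config firewall policy
    edit 1
        set dstaddr "FortiAuthenticator" "login.okta.com" "ocsp.digicert.com"
        set captive-portal-exempt enable
    next
    edit 2
        set dstaddr "all"
    next
    edit 3
        set dstaddr "all"
        set captive-portal-exempt enable
    next
end
"""

def parse_policies(config_text):
    """Return {policy_id: {setting: [values]}}; assumes no nested config blocks."""
    policies, current, in_table = {}, None, False
    for line in map(str.strip, config_text.splitlines()):
        if line == "config firewall policy":
            in_table = True
        elif in_table and current is None and line == "end":
            in_table = False
        elif in_table and line.startswith("edit "):
            current = policies.setdefault(line.split()[1], {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, *values = shlex.split(line[4:])
            current[key] = values
    return policies

def overly_broad_exemptions(config_text, allowed=ALLOWED_DST):
    """Return [(policy_id, [unexpected destinations])] for exempt policies."""
    findings = []
    for pid, settings in parse_policies(config_text).items():
        if settings.get("captive-portal-exempt") == ["enable"]:
            extra = sorted(set(settings.get("dstaddr", [])) - allowed)
            if extra:
                findings.append((pid, extra))
    return findings
```

Calling `overly_broad_exemptions(SAMPLE_CONFIG)` reports policy 3, which skips the captive portal while allowing every destination; policy 2 also allows all destinations but is not exempt, so it is not flagged.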