RADIUS accounting sources
If required, SSO can be based on RADIUS accounting records. The FortiAuthenticator receives RADIUS accounting packets from a carrier RADIUS server or network device, such as a wireless controller, collects additional group information, and then inserts it into FSSO for use by multiple FortiGate devices for identity based policies.
The FortiAuthenticator must be configured as a RADIUS accounting client to the RADIUS server.
To view the RADIUS accounting SSO client list, go to Fortinet SSO Methods > SSO > RADIUS Accounting Sources.
To configure and enable a RADIUS accounting client:
- From the RADIUS accounting SSO client list, select Create New. The Create New RADIUS Accounting SSO Client window opens.
- Enter the following information:
- Select OK to apply the changes.
- Enable RADIUS accounting SSO clients by going to Fortinet SSO Methods > SSO > General and selecting Enable RADIUS Accounting SSO clients. See General settings.
Name | Enter a name in the Name field to identify the RADIUS accounting client on the FortiAuthenticator. |
Client name/IP | Enter the RADIUS accounting client’s FQDN or IP address. |
Secret | Enter the RADIUS accounting client’s pre-shared key. |
Description | Optionally, enter a description of the client. |
SSO user type | Specify the type of user that the client will provide: external, local, or remote (LDAP server must be selected from the dropdown menu). |
Strip off prefix or suffix from username if any | Enable to strip prefixes and suffixes from the SSO usernames. |
RADIUS Attributes | If required, customize the username, client IP, and user group RADIUS attributes to match the ones used in the incoming RADIUS accounting records. See RADIUS attributes. |