If required, SSO can be based on RADIUS accounting records. The FortiAuthenticator receives RADIUS accounting packets from a carrier RADIUS server or network device, such as a wireless controller, collects additional group information, and then inserts it into FSSO for use by multiple FortiGate devices for identity-based policies.
The FortiAuthenticator must be configured as a RADIUS accounting client to the RADIUS server.
To view the RADIUS accounting SSO client list, go to Fortinet SSO Methods > SSO > RADIUS Accounting Sources.
- From the RADIUS accounting SSO client list, select Create New. The Create New RADIUS Accounting SSO Client window opens.
- Enter the following information:
  - Name: Enter a name in the Name field to identify the RADIUS accounting client on the FortiAuthenticator.
  - Client name/IP: Enter the RADIUS accounting client’s FQDN or IP address.
  - Secret: Enter the RADIUS accounting client’s pre-shared key.
  - Description: Optionally, enter a description of the client.
  - SSO user type: Specify the type of user that the client will provide: external, local, or remote (LDAP server must be selected from the dropdown menu).
  - Strip off prefix or suffix from username if any: Enable to strip prefixes and suffixes from the SSO usernames.
  - RADIUS Attributes: If required, customize the username, client IP, and user group RADIUS attributes to match the ones used in the incoming RADIUS accounting records. See RADIUS attributes.
- Select OK to apply the changes.
- Enable RADIUS accounting SSO clients by going to Fortinet SSO Methods > SSO > General and selecting Enable RADIUS Accounting SSO clients. See General settings.
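To see how the Secret, the prefix/suffix option, and the RADIUS attribute fields relate to an incoming accounting record, the following added example (not Fortinet code) checks the RFC 2866 Request Authenticator against the pre-shared key and extracts the three SSO values. The choice of User-Name, Framed-IP-Address and Class as the username, client IP and user group attributes, the `DOMAIN\user` and `user@realm` affix forms, and all function names and sample values are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

# RFC 2865/2866 types; using them as username, client IP, group is assumed.
ACCOUNTING_REQUEST, USER_NAME, FRAMED_IP_ADDRESS, CLASS = 4, 1, 8, 25

def build_request(secret, ident, attrs):
    """Build a constructed Accounting-Request so the example runs offline."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def authentic(packet, secret):
    """RFC 2866 check: MD5(code, id, length, 16 zero octets, attrs, secret)."""
    if len(packet) < 20 or packet[0] != ACCOUNTING_REQUEST:
        return False
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    digest = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(digest, packet[4:20])

def attributes(packet):
    """Return {type: first value}, rejecting malformed attribute lengths."""
    found, pos = {}, 20
    while pos < len(packet):
        length = packet[pos + 1] if pos + 1 < len(packet) else 0
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        found.setdefault(packet[pos], packet[pos + 2:pos + length])
        pos += length
    return found

def sso_record(packet, secret, strip=True):
    """Return (user, client_ip, group); None if unauthenticated or incomplete."""
    if not authentic(packet, secret):
        return None
    found = attributes(packet)
    if USER_NAME not in found or len(found.get(FRAMED_IP_ADDRESS, b"")) != 4:
        return None
    user = found[USER_NAME].decode("utf-8", "replace")
    if strip:  # assumed forms: DOMAIN\user prefix and user@realm suffix
        user = user.split("\\")[-1].split("@")[0]
    client_ip = str(ipaddress.IPv4Address(found[FRAMED_IP_ADDRESS]))
    return user, client_ip, found.get(CLASS, b"").decode("utf-8", "replace")

SECRET = b"constructed-secret"  # constructed sample values, not real ones
SAMPLE = build_request(SECRET, 1, [(USER_NAME, b"CORP\\alice@example.com"),
    (FRAMED_IP_ADDRESS, bytes([10, 0, 0, 5])), (CLASS, b"staff")])
```

A record that fails the authenticator check was not produced with the configured secret, so a mismatched or weak pre-shared key is the first thing to rule out when accounting records do not turn into SSO sessions.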