Fortinet black logo

Administration Guide

Realms

Realms

Realms allow multiple domains to authenticate to a single FortiAuthenticator unit. LDAP, RADIUS, and SAML remote servers are supported. Each RADIUS realm is associated with a name, such as a domain or company name, that is used during the login process to indicate the remote (or local) authentication server on which the user resides.

For example, the username of the user PJFry, belonging to the company P_Express, would become any of the following, depending on the selected format:

  • PJFry@P_Express
  • P_Express\PJFry
  • P_Express/PJFry

The FortiAuthenticator uses the specified realm to identify the back-end RADIUS, LDAP, or SAML authentication server(s) used to authenticate the user.

Acceptable realms can be configured on a per RADIUS server client basis. See Realms.

To manage realms, go to Authentication > User Management > Realms. The following options are available:

Create New Select to create a new realm.
Delete Select to delete the selected realm or realms.
Edit Select to edit the selected realm.
Name The names of the realms.
User Source The source of the users in the realms.
Chained token authentication with remote RADIUS server

Available when User source is set to an LDAP server. Enable from the dropdown menu to chain token authentication with a RADIUS server.

To create a new realm:
  1. From the realms list, select Create New.
  2. Enter a Name for the realm.
    The realm name may only contain letters, numbers, periods, hyphens, and underscores. It cannot start or end with a special character.
  3. Select the User source for the realm from the dropdown menu. The options include Local users, or from specific RADIUS or LDAP servers.
  4. Enable Chained token authentication with remote RADIUS server. Note that this option is only available when selecting a remote LDAP server as the User source. Chained authentication provides the ability to chain two different authentication methods together so that, for example, a two-factor authentication RSA solution can validate passcodes via RADIUS.
  5. Select OK to create the new realm.

Realms

Realms allow multiple domains to authenticate to a single FortiAuthenticator unit. LDAP, RADIUS, and SAML remote servers are supported. Each RADIUS realm is associated with a name, such as a domain or company name, that is used during the login process to indicate the remote (or local) authentication server on which the user resides.

For example, the username of the user PJFry, belonging to the company P_Express, would become any of the following, depending on the selected format:

  • PJFry@P_Express
  • P_Express\PJFry
  • P_Express/PJFry

The FortiAuthenticator uses the specified realm to identify the back-end RADIUS, LDAP, or SAML authentication server(s) used to authenticate the user.

Acceptable realms can be configured on a per RADIUS server client basis. See Realms.

To manage realms, go to Authentication > User Management > Realms. The following options are available:

Create New Select to create a new realm.
Delete Select to delete the selected realm or realms.
Edit Select to edit the selected realm.
Name The names of the realms.
User Source The source of the users in the realms.
Chained token authentication with remote RADIUS server

Available when User source is set to an LDAP server. Enable from the dropdown menu to chain token authentication with a RADIUS server.

To create a new realm:
  1. From the realms list, select Create New.
  2. Enter a Name for the realm.
    The realm name may only contain letters, numbers, periods, hyphens, and underscores. It cannot start or end with a special character.
  3. Select the User source for the realm from the dropdown menu. The options include Local users, or from specific RADIUS or LDAP servers.
  4. Enable Chained token authentication with remote RADIUS server. Note that this option is only available when selecting a remote LDAP server as the User source. Chained authentication provides the ability to chain two different authentication methods together so that, for example, a two-factor authentication RSA solution can validate passcodes via RADIUS.
  5. Select OK to create the new realm.