Realms allow multiple domains to authenticate to a single FortiAuthenticator unit. LDAP, RADIUS, and SAML remote servers are supported. Each RADIUS realm is associated with a name, such as a domain or company name, that is used during the login process to indicate the remote (or local) authentication server on which the user resides.
For example, the username of the user PJFry, belonging to the company P_Express, would become any of the following, depending on the selected format:
Acceptable realms can be configured on a per RADIUS server client basis. See Realms.
To manage realms, go to Authentication > User Management > Realms. The following options are available:
- From the realms list, select Create New.
- Enter a Name for the realm.
The realm name may only contain letters, numbers, periods, hyphens, and underscores. It cannot start or end with a special character.
- Select the User source for the realm from the dropdown menu. The options include Local users, or from specific RADIUS or LDAP servers.
- Enable Chained token authentication with remote RADIUS server. Note that this option is only available when selecting a remote LDAP server as the User source. Chained authentication provides the ability to chain two different authentication methods together so that, for example, a two-factor authentication RSA solution can validate passcodes via RADIUS.
- Select OK to create the new realm.