Smart Connect profiles
Smart Connect profiles are available under Authentication > Portals > Smart Connect Profiles.
This feature provides the ability to set up network settings (such as WiFi configuration) on an endpoint by downloading a script or an executable (depending on the endpoint's OS) from the FortiAuthenticator portal.
When configured, the Smart Connect feature will show up as a new button on the portal's post-login main page:
When clicking on the Smart Connect button, the user is given the option to download a self-install file for the OS type of their choice, including iOS/MacOS and Windows. A device ID can also be entered, however, this is only available if the Smart Connect profile uses EAP-TLS. If entered, the ID is used to generate the end-user certificate.
- Select Create New to start the profile configuration wizard.
- Enter a Name and select Next (you cannot configure a different Connect type other than Wireless).
- Enter an SSID, and select the Auth method to use: WPA2 Personal or WPA2 Enterprise.
- Enter a Pre-shared Key, then select Next.
- You can edit the profile to review and change any of the previously set options, and define additional settings, as shown below:
- Select OK to apply your options and finish the configuration.
When created, a Smart Connect profile can be associated with a guest portal and be available as a post-login service (see Post-login Services under Portals).
You can optionally enable or disable Hidden SSID to show or hide the SSID. When finished, select Next.
Smart Connect for Windows
The Smart Connect for Windows feature provides an executable file that adds specific network settings to an end-user's Windows device. The Smart Connect profile settings are the same as the ones implemented for iOS and macOS. The main difference is in how the downloaded executable file is built and packaged, so that it installs seamlessly on Windows devices.
When using the device tracking feature, users are no longer redirected by the FortiGate after initial device registration. Instead, the FortiAuthenticator provides a specific URL for each guest portal, as derived from the guest portal name (under Authentication > Portals > Portals).
When the end user navigates to the self-service URL, they must provide valid credentials to get network access, but the login does not trigger the call to the FortiGate device's API.
|Note that special characters must be encoded in the self-service URL.|
When upgrading from a previous release, as a result of the device tracking feature, the following occurs: