Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.1.2 Administration Guide
    6.1.2
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    Smart Connect profiles

    Smart Connect profiles

    Smart Connect profiles are available under Authentication > Portals > Smart Connect Profiles.

    This feature provides the ability to set up network settings (such as WiFi configuration) on an endpoint by downloading a script or an executable (depending on the endpoint's OS) from the FortiAuthenticator portal.

    When configured, the Smart Connect feature will show up as a new button on the portal's post-login main page:

    When clicking on the Smart Connect button, the user is given the option to download a self-install file for the OS type of their choice, including iOS/MacOS and Windows. A device ID can also be entered, however, this is only available if the Smart Connect profile uses EAP-TLS. If entered, the ID is used to generate the end-user certificate.

    To configure a Smart Connect profile:
    1. Select Create New to start the profile configuration wizard.
    2. Enter a Name and select Next (you cannot configure a different Connect type other than Wireless).
    3. Enter an SSID, and select the Auth method to use: WPA2 Personal or WPA2 Enterprise.

      4. You can optionally enable or disable Hidden SSID to show or hide the SSID. When finished, select Next.

    4. Enter a Pre-shared Key, then select Next.
    5. You can edit the profile to review and change any of the previously set options, and define additional settings, as shown below:

    6. Select OK to apply your options and finish the configuration.

      When created, a Smart Connect profile can be associated with a guest portal and be available as a post-login service (see Post-login Services under Portals).

    Smart Connect for Windows

    The Smart Connect for Windows feature provides an executable file that adds specific network settings to an end-user's Windows device. The Smart Connect profile settings are the same as the ones implemented for iOS and macOS. The main difference is in how the downloaded executable file is built and packaged, so that it installs seamlessly on Windows devices.

    Self-service URL

    When using the device tracking feature, users are no longer redirected by the FortiGate after initial device registration. Instead, the FortiAuthenticator provides a specific URL for each guest portal, as derived from the guest portal name (under Authentication > Portals > Portals).

    When the end user navigates to the self-service URL, they must provide valid credentials to get network access, but the login does not trigger the call to the FortiGate device's API.

    note icon Note that special characters must be encoded in the self-service URL.
    caution icon

    Firmware upgrade

    When upgrading from a previous release, as a result of the device tracking feature, the following occurs:

    • MAB Unauthorized devices are set to Deny access by default for existing RADIUS clients.
    • MAB Blocked groups are set to empty by default for existing RADIUS clients.
    • Device tracking and device management are disabled by default for existing guest portals.
    • Existing replacement messages are left unchanged for existing guest portals.
    • New (default) replacement messages are added to existing guest portals.
    Previous
    Next

    Smart Connect profiles

    Smart Connect profiles

    Smart Connect profiles are available under Authentication > Portals > Smart Connect Profiles.

    This feature provides the ability to set up network settings (such as WiFi configuration) on an endpoint by downloading a script or an executable (depending on the endpoint's OS) from the FortiAuthenticator portal.

    When configured, the Smart Connect feature will show up as a new button on the portal's post-login main page:

    When clicking on the Smart Connect button, the user is given the option to download a self-install file for the OS type of their choice, including iOS/MacOS and Windows. A device ID can also be entered, however, this is only available if the Smart Connect profile uses EAP-TLS. If entered, the ID is used to generate the end-user certificate.

    To configure a Smart Connect profile:
    1. Select Create New to start the profile configuration wizard.
    2. Enter a Name and select Next (you cannot configure a different Connect type other than Wireless).
    3. Enter an SSID, and select the Auth method to use: WPA2 Personal or WPA2 Enterprise.

      4. You can optionally enable or disable Hidden SSID to show or hide the SSID. When finished, select Next.

    4. Enter a Pre-shared Key, then select Next.
    5. You can edit the profile to review and change any of the previously set options, and define additional settings, as shown below:

    6. Select OK to apply your options and finish the configuration.

      When created, a Smart Connect profile can be associated with a guest portal and be available as a post-login service (see Post-login Services under Portals).

    Smart Connect for Windows

    The Smart Connect for Windows feature provides an executable file that adds specific network settings to an end-user's Windows device. The Smart Connect profile settings are the same as the ones implemented for iOS and macOS. The main difference is in how the downloaded executable file is built and packaged, so that it installs seamlessly on Windows devices.

    Self-service URL

    When using the device tracking feature, users are no longer redirected by the FortiGate after initial device registration. Instead, the FortiAuthenticator provides a specific URL for each guest portal, as derived from the guest portal name (under Authentication > Portals > Portals).

    When the end user navigates to the self-service URL, they must provide valid credentials to get network access, but the login does not trigger the call to the FortiGate device's API.

    note icon Note that special characters must be encoded in the self-service URL.
    caution icon

    Firmware upgrade

    When upgrading from a previous release, as a result of the device tracking feature, the following occurs:

    • MAB Unauthorized devices are set to Deny access by default for existing RADIUS clients.
    • MAB Blocked groups are set to empty by default for existing RADIUS clients.
    • Device tracking and device management are disabled by default for existing guest portals.
    • Existing replacement messages are left unchanged for existing guest portals.
    • New (default) replacement messages are added to existing guest portals.
    Previous
    Next