Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.1.2 Administration Guide
    6.1.2
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    Device self-enrollment

    Device self-enrollment

    Device certificate self-enrollment is a method for local and remote users to obtain certificates for their devices. It can be used to enable EAP-TLS for BYOD configurations, or for VPN authentication. For example:

    • A user brings their tablet to a BYOD organization.
    • They log in to FortiAuthenticator and create a certificate for the device.
    • With their certificate, username, and password they can authenticate to gain access to the wireless network.
    • Without the certificate, they are unable to access the network.
    EAP-TLS is a bidirectional certificate authentication method; the client and the FortiAuthenticator EAP need to have matching certificates from the same CA.

    To enable device self-enrollment and adjust self-enrollment settings, go to Authentication > Self-service Portal > Device Self-enrollment and select Enable user device certificate self-enrollment.

    SCEP must be enabled to activate this feature, see SCEP.

    The following settings can be configured:

    SCEP enrollment template Select a SCEP enrollment template from the dropdown menu. SCEP can be configured in Certificate Management > SCEP.
    Maximum devices Set the maximum number of devices that a user can self-enroll.
    Key size Select the key size for self-enrolled certificates (1024, 2048, or 4096 bits).
    Note that iOS devices only support 1024 and 2048.
    Enable self-enrollment for Smart Card certificate Select to enable self-enrollment for smart card certificates.
    This requires that a Device FQDN be configured (in the System Information widget under System > Dashboard > Status), as it is used in the CRL Distribution Points (CDPs) certificate extension.

    Select OK to apply any changes you have made.

    Previous
    Next

    Device self-enrollment

    Device self-enrollment

    Device certificate self-enrollment is a method for local and remote users to obtain certificates for their devices. It can be used to enable EAP-TLS for BYOD configurations, or for VPN authentication. For example:

    • A user brings their tablet to a BYOD organization.
    • They log in to FortiAuthenticator and create a certificate for the device.
    • With their certificate, username, and password they can authenticate to gain access to the wireless network.
    • Without the certificate, they are unable to access the network.
    EAP-TLS is a bidirectional certificate authentication method; the client and the FortiAuthenticator EAP need to have matching certificates from the same CA.

    To enable device self-enrollment and adjust self-enrollment settings, go to Authentication > Self-service Portal > Device Self-enrollment and select Enable user device certificate self-enrollment.

    SCEP must be enabled to activate this feature, see SCEP.

    The following settings can be configured:

    SCEP enrollment template Select a SCEP enrollment template from the dropdown menu. SCEP can be configured in Certificate Management > SCEP.
    Maximum devices Set the maximum number of devices that a user can self-enroll.
    Key size Select the key size for self-enrolled certificates (1024, 2048, or 4096 bits).
    Note that iOS devices only support 1024 and 2048.
    Enable self-enrollment for Smart Card certificate Select to enable self-enrollment for smart card certificates.
    This requires that a Device FQDN be configured (in the System Information widget under System > Dashboard > Status), as it is used in the CRL Distribution Points (CDPs) certificate extension.

    Select OK to apply any changes you have made.

    Previous
    Next