Fortinet Document Library

Administration Guide

General

To configure general SAML IdP portal settings:
  1. Go to Authentication > SAML IdP > General, and select Enable SAML Identity Provider portal.

  2. Configure the following settings:

    Device FQDN
      To configure this setting, you must enter a Device FQDN in the System Information widget in the Dashboard.

    Server address
      Enter the IP address or FQDN of the FortiAuthenticator device.

    IdP-initiated login URL
      The URL used to access the IdP portal in an IdP-initiated login scenario.

      SPs configured in FortiAuthenticator must have the option Support IdP-initiated assertion response enabled in order to be listed in the portal.

    Username input format
      Select one of the following three username input formats:

      • username@realm
      • realm\username
      • realm/username

    Realms
      Select Add a realm to add the default local realm to which the users will be associated.

      Use Groups and Filter to add specific user groups.

    Login session timeout
      Set the user's login session timeout limit to between 5 and 1440 minutes (one day). The default is 480 minutes (eight hours).

    Default IdP certificate
      From the dropdown menu, select the default certificate that the IdP uses to sign SAML assertions.
  3. Select OK to apply any changes that you have made.
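
The Username input format setting decides how the same user appears in login strings, which matters when matching portal logins against other log sources. The following Python sketch is an added example, not Fortinet code and not a description of how FortiAuthenticator parses logins internally: it splits a login typed in one of the three formats and builds a single comparison key. The function names, the allowed realm characters, the fallback realm name "local" and the case-insensitive comparison are assumptions.

```python
import re

# The three formats listed under "Username input format" on this page.
FORMATS = ("username@realm", "realm\\username", "realm/username")

# Assumption: realm names use only letters, digits, '.', '_' and '-'.
REALM_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def split_login(login, fmt):
    """Return (username, realm) for a login typed in the selected format.

    realm is None when the user typed no realm. Raises ValueError when the
    string does not fit the selected format.
    """
    if fmt not in FORMATS:
        raise ValueError(f"unknown format: {fmt!r}")
    login = login.strip()
    if fmt == "username@realm":
        # Split on the last '@' so an e-mail style username keeps its own '@'.
        username, sep, realm = login.rpartition("@")
    else:
        # Realm comes first; fmt[5] is the separator right after "realm".
        realm, sep, username = login.partition(fmt[5])
    if not sep:
        username, realm = login, None
    elif not REALM_RE.match(realm):
        raise ValueError(f"bad realm in {login!r}")
    if not username or "\\" in username or "/" in username:
        # A leftover '\' or '/' means the login was typed in another format.
        raise ValueError(f"{login!r} does not fit format {fmt!r}")
    return username, realm


def canonical(login, fmt, default_realm="local"):
    """Lower-cased username@realm key (assumed case-insensitive matching)."""
    username, realm = split_login(login, fmt)
    return f"{username}@{realm or default_realm}".lower()
```

With username@realm selected, a bare e-mail address such as alice@example.com splits into user alice in realm example.com, so e-mail style usernames need the realm appended explicitly to be read as intended.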
