General
To configure general SAML IdP portal settings:
- Go to Authentication > SAML IdP > General, and select Enable SAML Identity Provider portal.
- Configure the following settings:
  - Device FQDN: To configure this setting, you must enter a Device FQDN in the System Information widget in the Dashboard.
  - Server address: Enter the IP address or FQDN of the FortiAuthenticator device.
  - IdP-initiated login URL: The URL used to access the IdP portal in an IdP-initiated login scenario. SPs configured in FortiAuthenticator must have the option Support IdP-initiated assertion response enabled in order to be listed in the portal.
  - Username input format: Select one of the following three username input formats:
    - username@realm
    - realm\username
    - realm/username
  - Realms: Select Add a realm to add the default local realm to which the users will be associated. Use Groups and Filter to add specific user groups.
  - Login session timeout: Set the user's login session timeout limit between 5 - 1440 minutes (one day). The default is 480 minutes (eight hours).
  - Default IdP certificate: Select a default certificate the IdP uses to sign SAML assertions from the dropdown menu.
  - Get nested groups for user: Enable to get nested groups for Windows AD users.
- Select OK to apply any changes that you have made.