Fortinet Document Library

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Creating a realm and RADIUS policy with EAP-TTLS authentication

To create a realm for the Google Workspace LDAP server:
  1. Go to Authentication > User Management > Realms, click Create New.
  2. Enter a Name for the realm.

    The realm name may only contain letters, numbers, periods, hyphens, and underscores. It cannot start or end with a special character.

  3. Select the previously set Google Workspace LDAP server for the realm from the User source dropdown.
  4. Click OK to create the new realm.
To create a RADIUS policy:
  1. In Authentication > RADIUS Service > Policies, click Create New.
  2. For RADIUS clients, enter an identifiable policy name and description, and add the newly created RADIUS client to the policy. Click Next.

  3. For RADIUS attribute criteria, no settings are required. Click Next.
    1. For Authentication type, select Password/OTP authentication, enable Accept EAP, then enable EAP-TTLS. Click Next.

      This allows using EAP-TTLS and PAP in the user's device Wireless settings.

  4. For Identity source, choose a username format, and select the realm related to Google Workspace Secure LDAP. Click Next.

  5. For Authentication factors, select Every configured password and OTP factors, and click Next.

    In this menu you can also enable the option to Allow FortiToken Mobile push notifications.

  6. For RADIUS response, review the policy, and click Save and exit.

Creating a realm and RADIUS policy with EAP-TTLS authentication

To create a realm for the Google Workspace LDAP server:
  1. Go to Authentication > User Management > Realms, click Create New.
  2. Enter a Name for the realm.

    The realm name may only contain letters, numbers, periods, hyphens, and underscores. It cannot start or end with a special character.

  3. Select the previously set Google Workspace LDAP server for the realm from the User source dropdown.
  4. Click OK to create the new realm.
To create a RADIUS policy:
  1. In Authentication > RADIUS Service > Policies, click Create New.
  2. For RADIUS clients, enter an identifiable policy name and description, and add the newly created RADIUS client to the policy. Click Next.

  3. For RADIUS attribute criteria, no settings are required. Click Next.
    1. For Authentication type, select Password/OTP authentication, enable Accept EAP, then enable EAP-TTLS. Click Next.

      This allows using EAP-TTLS and PAP in the user's device Wireless settings.

  4. For Identity source, choose a username format, and select the realm related to Google Workspace Secure LDAP. Click Next.

  5. For Authentication factors, select Every configured password and OTP factors, and click Next.

    In this menu you can also enable the option to Allow FortiToken Mobile push notifications.

  6. For RADIUS response, review the policy, and click Save and exit.