Fortinet Document Library

802.1X authentication using FortiAuthenticator with Google Workspace User Database

This recipe walks you through integrating FortiAP with a WPA2-Enterprise WLAN that uses 802.1X authentication, with FortiAuthenticator authenticating users against Google Workspace as the user database over Secure LDAP.

The customer uses the Google Workspace user database to validate that a corporate user has a valid username and password and can authenticate to join the corporate network. FortiAuthenticator also provides dynamic VLAN assignment here.

Topology

In this example, the user attempts to join the corporate WLAN, a WPA2-Enterprise WLAN that uses FortiAuthenticator as a RADIUS server. FortiGate acts as the authenticator, forwarding the request to FortiAuthenticator.

FortiAuthenticator is the authentication server and forwards the user request to a remote LDAP server, which here is Google Workspace using Secure LDAP.

If authentication succeeds, the user joins the corporate WLAN and receives attributes from FortiAuthenticator, such as a dynamic VLAN.

To configure 802.1X authentication using FortiAuthenticator with Google Workspace User Database:
  1. Configuring FortiGate as a RADIUS client.
  2. Configuring Google Workspace as an LDAP server. See G Suite integration using LDAP.
  3. Creating a realm and RADIUS policy with EAP-TTLS authentication.
  4. Configuring FortiAuthenticator as a RADIUS server in FortiGate.
  5. Configuring a WPA2-Enterprise WLAN with FortiAuthenticator as the RADIUS server.
  6. Configuring Windows or macOS to use EAP-TTLS and PAP.
