- Go to Users > Users.
- Select the desired user from the list.
The Users window opens.
- Go to the Applications tab and select +.
- In the Assign new login to window, select the previously created application, and select Continue.
If only one application exists or is unassigned to a user, it is automatically selected.
In the new dialog that appears:
- Ensure that Allow the user to sign in is selected.
- In NameID value, enter the user email address.
- In group, enter OneLogin.
The group parameter has been manually overridden.
The group value is contained in the SAML assertion and the FortiGate firewall policy configuration step uses it to match group information and grant users access based on the OneLogin group affiliation.
- Ensure that email is same as NameID value.
- Click Save.