You must first generate certificates to authenticate the LDAP client with Secure LDAP service.
- From the Google Admin console, go to Apps > LDAP.
- Select one of the clients in the list.
- Click the Authentication card.
- Click GENERATE NEW CERTIFICATE, then click the download icon to download the certificate.
- Upload the certificate to your client, and configure the application.
Depending on the type of LDAP client, configuration may require LDAP access credentials. See Generate access credentials.
Once you have uploaded the certificate to your client, G Suite will generate a client certificate and key.
Store the certificate and key in a safe place.
By default, FortiAuthenticator will not trust the certificate issued by Google. You must install Google Trusted CAs to match the chain group, which can be downloaded at https://pki.goog/.
GTS Root R1
GTS Root R2