- On the FortiAuthenticator, go to Authentication > RADIUS Service > Clients, and select Create New.
- Enter a Name, the IP address of the FortiGate, and set a Secret.
The secret is a pre-shared secure password that the FortiGate will use to authenticate to the FortiAuthenticator.
- Go to Authentication > RADIUS Service > Policies, and select Create New.
- Enter the RADIUS policy name, description, and select the FortiGate RADIUS client.
- Do not configure RADIUS attribute criteria.
- Set the authentication type as Password/OTP authentication, and enable all EAP types.
- Choose a username format (in this example: username@realm), select the Local realm.
Add the user group employees as a filter.
- Review the remaining configurations, and click Save and Exit.