Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.4.1 Administration Guide
    6.4.1
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    OAUTH

    OAUTH

    FortiAuthenticator can be configured to connect to remote OAuth servers to dynamically look up group memberships from third-party SAML identify providers, such as G Suite and Azure, for SAML SP FSSO.

    To add a remote OAuth Server:
    1. Go to Authentication > Remote Auth. Servers > OAUTH and select Create New.

      2. The Create New Remote OAuth Server window appears.

    2. Enter the following information:
      NameEnter the name for the remote OAuth server on FortiAuthenticator.
      OAuth source

      Select Facebook, Google, LinkedIn, Twitter, WeChat, Azure Directory, or G Suite Directory as the OAuth source.

      For Facebook, Google, LinkedIn, Twitter, and WeChat enter the Key and Secret for the selected OAuth source.

      For Azure Directory, enter the Client ID and Client Key for the Azure Directory.

      For G Suite Directory, enter the G-suite admin and select and upload the Service account key file (.json) for the G Suite Directory.

      Key

      Enter the OAuth application key for the selected OAuth source. This option is only available when Facebook, Google, LinkedIn, Twitter, or WeChat is selected as an OAuth source.

      Secret

      Enter the OAuth application secret for the selected OAuth source .This option is only available when Facebook, Google, LinkedIn, Twitter, or WeChat is selected as an OAuth source.

      Client ID

      Enter the application ID for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

      Client Key

      Enter the key for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

      G-suite admin

      Enter the G Suite admin username for the G Suite Directory application. This option is only available when G Suite Directory is selected as an OAuth source.

      Service account key file (.json)

      Select and upload the service account key file for the G Suite Directory application, obtained from the Google developers portal. This option is only available when G Suite Directory is selected as an OAuth source.

    3. Select OK to add the remote OAuth server.
    Previous
    Next

    OAUTH

    OAUTH

    FortiAuthenticator can be configured to connect to remote OAuth servers to dynamically look up group memberships from third-party SAML identify providers, such as G Suite and Azure, for SAML SP FSSO.

    To add a remote OAuth Server:
    1. Go to Authentication > Remote Auth. Servers > OAUTH and select Create New.

      2. The Create New Remote OAuth Server window appears.

    2. Enter the following information:
      NameEnter the name for the remote OAuth server on FortiAuthenticator.
      OAuth source

      Select Facebook, Google, LinkedIn, Twitter, WeChat, Azure Directory, or G Suite Directory as the OAuth source.

      For Facebook, Google, LinkedIn, Twitter, and WeChat enter the Key and Secret for the selected OAuth source.

      For Azure Directory, enter the Client ID and Client Key for the Azure Directory.

      For G Suite Directory, enter the G-suite admin and select and upload the Service account key file (.json) for the G Suite Directory.

      Key

      Enter the OAuth application key for the selected OAuth source. This option is only available when Facebook, Google, LinkedIn, Twitter, or WeChat is selected as an OAuth source.

      Secret

      Enter the OAuth application secret for the selected OAuth source .This option is only available when Facebook, Google, LinkedIn, Twitter, or WeChat is selected as an OAuth source.

      Client ID

      Enter the application ID for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

      Client Key

      Enter the key for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as an OAuth source.

      G-suite admin

      Enter the G Suite admin username for the G Suite Directory application. This option is only available when G Suite Directory is selected as an OAuth source.

      Service account key file (.json)

      Select and upload the service account key file for the G Suite Directory application, obtained from the Google developers portal. This option is only available when G Suite Directory is selected as an OAuth source.

    3. Select OK to add the remote OAuth server.
    Previous
    Next