General
To configure general SAML IdP portal settings:
- Go to Authentication > SAML IdP > General, and select Enable SAML Identity Provider portal.
- Configure the following settings:
Device FQDN
Read from the Device FQDN entered in the System Information widget on the Dashboard; to set or change it, edit it there.
Server address
Enter the IP address or FQDN of the FortiAuthenticator device.
IdP-initiated login URL
The URL used to access the IdP portal in an IdP-initiated login scenario. Only SPs whose FortiAuthenticator SP configuration has Support IdP-initiated assertion response enabled are listed in the portal.
Username input format
Select one of the following three username input formats:
- username@realm
- realm\username
- realm/username
Use default realm when user-provided realm is different from all configured realms
When enabled, FortiAuthenticator authenticates against the default realm whenever the realm the user typed does not match any configured realm.
Realms
Select Add a realm to add the default local realm that users are associated with. Use Groups and Filter to add specific user groups to the realm.
A maximum of 20 realms can be added; this limit covers the realms in the legacy self-service portal together with those in SAML IdP.
Login session timeout
Set the user's login session timeout between 5 and 1440 minutes (one day). The default is 480 minutes (eight hours).
Default IdP certificate
Select from the dropdown menu the default certificate the IdP uses to sign SAML assertions. SPs verify assertion signatures against this certificate, so every SP that has imported it must be updated if the certificate is replaced.
Get nested groups for user
Enable to resolve nested group membership (groups contained within groups) for Windows AD users.
IAM login
Enable to allow IAM login.
- Select OK to apply any changes that you have made.
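The following is an added example, not FortiAuthenticator code, showing how the Username input format and Use default realm settings above interact: a submitted login is split according to the one selected format, the realm part is matched against the configured realms, and an unknown realm either falls back to the default realm (toggle on) or is rejected (toggle off). The realm names, the rejection on an unknown realm when the toggle is off, and case-insensitive realm matching are assumptions made for illustration.

```python
"""Realm resolution for the three SAML IdP portal username input formats.

Constructed example, not FortiAuthenticator code. The realm names,
case-insensitive realm matching, and rejecting an unknown realm when the
"use default realm" toggle is off are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Separator and operand order for each username input format. The format is a
# portal-wide setting: a login is parsed against the selected format only.
FORMATS = {
    "username@realm": ("@", "user_first"),
    "realm\\username": ("\\", "realm_first"),
    "realm/username": ("/", "realm_first"),
}


@dataclass(frozen=True)
class RealmPolicy:
    configured_realms: Tuple[str, ...]  # realms added under Realms
    default_realm: str                  # must be one of configured_realms
    use_default_for_unknown: bool       # the "Use default realm when ..." toggle

    def __post_init__(self) -> None:
        if self.default_realm not in self.configured_realms:
            raise ValueError("default realm must be a configured realm")


def split_login(raw: str, input_format: str) -> Tuple[str, Optional[str]]:
    """Split a submitted login into (username, realm) per the selected format.

    A login without the separator carries no realm (returned as None).
    For username@realm the last '@' is the separator, so a UPN-style
    username may precede the realm; for the realm-first formats the first
    separator splits, so the username part may itself contain '\\' or '/'.
    """
    sep, order = FORMATS[input_format]
    if sep not in raw:
        return raw, None
    if order == "user_first":
        user, realm = raw.rsplit(sep, 1)
    else:
        realm, user = raw.split(sep, 1)
    if not user:
        raise ValueError("empty username")
    return user, realm or None


def resolve_realm(realm: Optional[str], policy: RealmPolicy) -> str:
    """Map the user-supplied realm onto a configured realm.

    - No realm supplied: the default realm is used.
    - Realm matches a configured realm (case-insensitively, an assumption):
      that configured realm is used.
    - Realm matches nothing: the default realm when the toggle is on;
      otherwise the login is rejected (assumed behaviour), so a typo cannot
      silently route a user to a different authentication backend.
    """
    if realm is None:
        return policy.default_realm
    for configured in policy.configured_realms:
        if configured.lower() == realm.lower():
            return configured
    if policy.use_default_for_unknown:
        return policy.default_realm
    raise LookupError(f"realm {realm!r} is not configured")


def authenticate_target(raw: str, input_format: str,
                        policy: RealmPolicy) -> Tuple[str, str]:
    """Return the (username, realm) pair the IdP would authenticate against."""
    user, realm = split_login(raw, input_format)
    return user, resolve_realm(realm, policy)


if __name__ == "__main__":
    # Assumed realm names; "local" is the default realm.
    policy = RealmPolicy(("local", "corp.example"), "local",
                         use_default_for_unknown=True)
    for login, fmt in [("alice@corp.example", "username@realm"),
                       ("corp.example\\bob", "realm\\username"),
                       ("typo.example/carol", "realm/username"),
                       ("dave", "username@realm")]:
        print(f"{login!r} parsed as {fmt} -> {authenticate_target(login, fmt, policy)}")
```

With the toggle on, the mistyped realm in the third login lands on the default realm rather than failing; with it off, the same login raises, which is the safer choice when the default realm is a different user store than the one the user intended.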