Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.4.9 Administration Guide
    6.4.9
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    SSO users and groups

    SSO users and groups

    To manage SSO users and groups, go to Fortinet SSO Methods > SSO > SSO Users or SSO Groups.

    The following options are available:

    Create New

    Select to create a new user or group.

    In the Create New SSO User or Create New SSO Group window, enter a name for the user or group, then select OK.
    Import Import SSO users or groups from a remote LDAP server.
    Delete Delete the selected users or groups.
    Edit Edit the selected user or group.
    Name The SSO user or group names.
    Created/Imported Displays whether or not the user or user group was created or imported.

    FortiAuthenticator SSO user groups cannot be used directly in a security policy on a FortiGate device. An FSSO user group must be created on the FortiGate unit, then the FortiAuthenticator SSO groups must be added to it. FortiGate FSSO user groups are available for selection in identity-based security policies. See the FortiOS Handbook for more information.

    To import SSO users or groups:
    1. In the SSO Users or SSO Groups list, select Import.
      • In the Import SSO Users or Import SSO Groups window, select whether to import the DN or Username, and select a remote LDAP server from the Remote LDAP Server dropdown menu, then select Browse.
      • In the Import SSO Groups window, select a remote LDAP server from the Remote LDAP Server dropdown menu and select Browse. Alternatively, select Azure ADFS and specify the Graph API Service Root, Client ID, and Client key.
      An LDAP server must already be configured to select it in the dropdown menu. See LDAP service for more information on adding a remote LDAP server.

      2. The Import SSO Users or Import SSO Groups window opens in a new browser window.

    2. Optionally, edit the Distinguished name. This field is automatically filled when you select a remote LDAP server from the Remote LDAP Server dropdown.
    3. Optionally, enter a Filter string to reduce the number of entries returned, and then select Apply, or select Clear to clear the filters.

      4. For example, uid=j* returns only user IDs beginning with “j”.

    4. The default configuration imports the attributes commonly associated with Microsoft Active Directory LDAP implementations. Select User attributes to edit the remote LDAP user mapping attributes.

      5. Selecting the field, FirstName for example, presents a list of attributes which have been detected and can be selected. This list is not exhaustive; other non-displayed attributes may be available for import. Consult your LDAP administrator for a list of available attributes.

    5. Select the entries you want to import.
    6. Optionally, select a logo from the FortiToken Logo dropdown menu to associate the imported users with the specified logo. This logo is displayed beside the one-time password in FortiToken. See FortiTokens for more information.
    7. Optionally, select an IAM account from the IAM Account dropdown to associate the imported users with the specified IAM account. See Identity and Account Management (IAM).
    8. Select OK to import the users or groups.
    Previous
    Next

    SSO users and groups

    SSO users and groups

    To manage SSO users and groups, go to Fortinet SSO Methods > SSO > SSO Users or SSO Groups.

    The following options are available:

    Create New

    Select to create a new user or group.

    In the Create New SSO User or Create New SSO Group window, enter a name for the user or group, then select OK.
    Import Import SSO users or groups from a remote LDAP server.
    Delete Delete the selected users or groups.
    Edit Edit the selected user or group.
    Name The SSO user or group names.
    Created/Imported Displays whether or not the user or user group was created or imported.

    FortiAuthenticator SSO user groups cannot be used directly in a security policy on a FortiGate device. An FSSO user group must be created on the FortiGate unit, then the FortiAuthenticator SSO groups must be added to it. FortiGate FSSO user groups are available for selection in identity-based security policies. See the FortiOS Handbook for more information.

    To import SSO users or groups:
    1. In the SSO Users or SSO Groups list, select Import.
      • In the Import SSO Users or Import SSO Groups window, select whether to import the DN or Username, and select a remote LDAP server from the Remote LDAP Server dropdown menu, then select Browse.
      • In the Import SSO Groups window, select a remote LDAP server from the Remote LDAP Server dropdown menu and select Browse. Alternatively, select Azure ADFS and specify the Graph API Service Root, Client ID, and Client key.
      An LDAP server must already be configured to select it in the dropdown menu. See LDAP service for more information on adding a remote LDAP server.

      2. The Import SSO Users or Import SSO Groups window opens in a new browser window.

    2. Optionally, edit the Distinguished name. This field is automatically filled when you select a remote LDAP server from the Remote LDAP Server dropdown.
    3. Optionally, enter a Filter string to reduce the number of entries returned, and then select Apply, or select Clear to clear the filters.

      4. For example, uid=j* returns only user IDs beginning with “j”.

    4. The default configuration imports the attributes commonly associated with Microsoft Active Directory LDAP implementations. Select User attributes to edit the remote LDAP user mapping attributes.

      5. Selecting the field, FirstName for example, presents a list of attributes which have been detected and can be selected. This list is not exhaustive; other non-displayed attributes may be available for import. Consult your LDAP administrator for a list of available attributes.

    5. Select the entries you want to import.
    6. Optionally, select a logo from the FortiToken Logo dropdown menu to associate the imported users with the specified logo. This logo is displayed beside the one-time password in FortiToken. See FortiTokens for more information.
    7. Optionally, select an IAM account from the IAM Account dropdown to associate the imported users with the specified IAM account. See Identity and Account Management (IAM).
    8. Select OK to import the users or groups.
    Previous
    Next