Administration Guide

Scopes

The Scopes page in Authentication > OAuth Service lists the scopes authorized for relying parties.

A scope is a string with the following characteristics:

  • 1 to 64 ASCII characters in length

  • Case-sensitive

  • Allowed characters are all printable ASCII characters (0x21 to 0x7E), except the double quote " (0x22) and the backslash \ (0x5C).

There are two types of scopes:

  • Default: Scope is always assigned to the OAuth session, even if the relying party does not request it.

  • Optional: Scope is only assigned to the OAuth session if the relying party explicitly requests it.

When forming a list of more than one scope, the scopes are separated by whitespace, e.g., "read write".

A default openid scope is available.

To configure a scope:
  1. From the Scopes list, select Create New to create a new OAuth scope.

    The Create New OAuth Scope window opens.

  2. Enter the following information:

    Name

    The name of the scope.

    Note: The name appears in the scope parameter of the API endpoints.

    Description

    A string value.

  3. Click OK.

To add a scope to a relying party:
  1. When editing a relying party, select Add Relying Party Scope in the Relying Party Scopes pane.
  2. From the Scope dropdown, select a scope.
  3. In Scope Type, select either Optional or Default.

    The default openid scope is already added and can be removed by clicking x.

    The scopes included in the default and optional lists must be mutually exclusive, i.e., the same scope must not appear in both default and optional lists.

  4. Click OK to save the relying party or click Add Relying Party Scope to create another scope before saving your changes.
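The rules above can be checked before a relying party is saved. The following is an added example, not Fortinet code: it validates scope names against the stated character and length rules, flags scopes that appear in both the default and optional lists, and models which scopes end up on a session. The function names are hypothetical, and dropping requested scopes that are in neither list is an assumption, since this page does not describe that case.

```python
import re

# Scope syntax as stated on this page: 1 to 64 printable ASCII characters
# (0x21-0x7E), excluding the double quote (0x22) and the backslash (0x5C).
SCOPE_RE = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]{1,64}")


def is_valid_scope(name: str) -> bool:
    """Return True if name satisfies the page's scope rules."""
    return SCOPE_RE.fullmatch(name) is not None


def check_relying_party(default: set, optional: set) -> list:
    """Return a list of configuration problems (empty list means OK)."""
    problems = [f"invalid scope name: {s!r}"
                for s in sorted(default | optional) if not is_valid_scope(s)]
    # The default and optional lists must be mutually exclusive.
    problems += [f"scope in both lists: {s!r}"
                 for s in sorted(default & optional)]
    return problems


def session_scopes(requested: str, default: set, optional: set) -> list:
    """Model of the assignment rule described above (hypothetical helper).

    Default scopes are always assigned; optional scopes only when the
    relying party requests them. Anything else requested is dropped
    (assumption: the page does not say how unknown scopes are handled).
    """
    asked = set(requested.split())  # scope lists are whitespace-separated
    # Set membership is exact, so matching is case-sensitive.
    return sorted(default | (asked & optional))


if __name__ == "__main__":
    # Constructed sample configuration, not taken from a real device.
    default, optional = {"openid"}, {"read", "write"}
    print(check_relying_party(default, optional))
    print(session_scopes("read admin", default, optional))
```
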
