
Administration Guide

RADIUS accounting sources

If required, SSO can be based on RADIUS accounting records. The FortiAuthenticator receives RADIUS accounting packets from a carrier RADIUS server or a network device, such as a wireless controller, collects additional group information, and then inserts it into FSSO for use by multiple FortiGate devices in identity-based policies.

The FortiAuthenticator must be configured as a RADIUS accounting client to the RADIUS server.

To view the RADIUS accounting SSO client list, go to Fortinet SSO Methods > SSO > RADIUS Accounting Sources.

To configure and enable a RADIUS accounting client:
  1. From the RADIUS accounting SSO client list, select Create New. The Create New RADIUS Accounting SSO Client window opens.
  2. Enter the following information:
    Name: Enter a name in the Name field to identify the RADIUS accounting client on the FortiAuthenticator.
    Client name/IP: Enter the RADIUS accounting client’s FQDN or IP address.
    Secret: Enter the RADIUS accounting client’s pre-shared key.
    Description: Optionally, enter a description of the client.
    SSO user type: Specify the type of user that the client will provide: external, local, or remote (LDAP server must be selected from the dropdown menu).
    Strip off prefix or suffix from username if any: Enable to strip prefixes and suffixes from the SSO usernames.
    RADIUS Attributes: If required, customize the username, client IP, and user group RADIUS attributes to match the ones used in the incoming RADIUS accounting records. See RADIUS attributes.
  3. Select OK to apply the changes.
  4. Enable RADIUS accounting SSO clients by going to Fortinet SSO Methods > SSO > General and selecting Enable RADIUS Accounting SSO clients. See General settings.
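
The Secret and RADIUS Attributes fields above decide which accounting records are trusted and which fields become an SSO session. The following added example (not Fortinet code) shows how a receiver checks the RFC 2866 Request Authenticator against the pre-shared key before extracting the username, client IP, and group. The attribute mapping (User-Name, Framed-IP-Address, Class), the username formats stripped, and all function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4
# Assumed mapping: standard RFC 2865 attribute types, not the product's defaults.
FIELDS = {1: "username", 8: "client_ip", 25: "group"}


def build_request(ident, attrs, secret):
    """Build a constructed Accounting-Request the way a RADIUS client signs it."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body


def parse_request(packet, secret):
    """Return the SSO fields of an authentic record, or None if it must be dropped."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return None
    packet = packet[:length]
    body = packet[20:]
    # RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # wrong secret or altered record: no SSO session is created
    out, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            return None  # malformed attribute list
        kind, value = body[i], body[i + 2:i + body[i + 1]]
        if kind == 8 and len(value) == 4:
            out["client_ip"] = str(ipaddress.IPv4Address(value))
        elif kind in (1, 25):
            out[FIELDS[kind]] = value.decode("utf-8", "replace")
        i += body[i + 1]
    if "username" in out:
        # Assumed formats: drop a DOMAIN\ prefix and an @realm suffix.
        out["username"] = out["username"].rsplit("\\", 1)[-1].split("@", 1)[0]
    return out


# Constructed sample record and secret, for illustration only.
SECRET = b"example-shared-secret"
SAMPLE = build_request(7, [(1, b"CORP\\alice"), (8, bytes([10, 0, 0, 23])), (25, b"staff")], SECRET)
```

Because the authenticator is an MD5 digest keyed only by the pre-shared key, the secret should be long, random, and unique to each accounting client.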
