
Administration Guide

OAUTH

FortiAuthenticator can be configured to connect to remote OAuth servers to dynamically look up group memberships from third-party SAML identity providers, such as G Suite and Azure, for SAML SP FSSO.

To add a remote OAuth Server:
  1. Go to Authentication > Remote Auth. Servers > OAUTH and select Create New.
  2. The Create New Remote OAuth Server window appears.

  3. Enter the following information:
    Name
      Enter the name for the remote OAuth server on FortiAuthenticator.
    OAuth source
      Select Facebook, Google, LinkedIn, Twitter, WeChat, Azure Directory, or G Suite Directory as the OAuth source.
      For Facebook, Google, LinkedIn, Twitter, and WeChat, enter the Key and Secret for the selected OAuth source.
      For Azure Directory:
      • Enter the Client ID and Client Key for the Azure Directory.
      • Enable Include for SSO and enter the Azure AD tenant ID.
      For G Suite Directory, enter the G-suite admin and select and upload the Service account key file (.json) for the G Suite Directory.
    Key
      Enter the OAuth application key for the selected OAuth source. This option is only available when Facebook, Google, LinkedIn, Twitter, or WeChat is selected as the OAuth source.
    Secret
      Enter the OAuth application secret for the selected OAuth source. This option is only available when Facebook, Google, LinkedIn, Twitter, or WeChat is selected as the OAuth source.
    Client ID
      Enter the application ID for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as the OAuth source.
    Client Key
      Enter the key for the Azure Directory application, obtained from the Azure portal. This option is only available when Azure Directory is selected as the OAuth source.
    Include for SSO
      Enable to include the OAuth server for SSO. This option is only available when Azure Directory is selected as the OAuth source.
      Note: The option is disabled by default.
      For information on configuring SSOMA with AD, see Configuring SSOMA with AD in the latest EMS Administration Guide.
    Azure AD tenant ID
      Enter the Azure AD tenant ID.
      Note: The option is only available when Include for SSO is enabled.
    G-suite admin
      Enter the G Suite admin username for the G Suite Directory application. This option is only available when G Suite Directory is selected as the OAuth source.
    Service account key file (.json)
      Select and upload the service account key file for the G Suite Directory application, obtained from the Google developers portal. This option is only available when G Suite Directory is selected as the OAuth source.

  4. Select Save to add the remote OAuth server.
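The following is an added example, not FortiAuthenticator code and not a description of Fortinet's implementation. It sketches what the two directory-backed OAuth sources in the procedure above hand to their providers, using the standard flows those providers publish: Azure Directory's Client ID, Client Key and tenant ID go into an OAuth 2.0 client-credentials token request against the tenant's own endpoint, and G Suite Directory's service account key file plus the admin username go into a JWT bearer assertion with domain-wide delegation. The endpoints and scopes are Microsoft's and Google's public ones; every identifier, the key file and the user names are constructed placeholders, and the RS256 signature over the assertion is left to an RSA library rather than performed here.

```python
# Added example (not FortiAuthenticator/Fortinet code). Assumes the public
# Microsoft identity platform and Google OAuth 2.0 endpoints; all identifiers
# and the key file below are constructed placeholders, not real credentials.
import base64
import json
import re
import time
from typing import Dict, Tuple
from urllib.parse import quote, urlencode

# Constructed sample in the shape Google's console emits for a service account
# key (.json). The private key is a placeholder, not real key material.
SAMPLE_GSUITE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0123456789abcdef",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "group-lookup@example-project.iam.gserviceaccount.com",
    "client_id": "000000000000000000000",
    "token_uri": "https://oauth2.googleapis.com/token",
})

# Group lookup only needs to read memberships, so delegate the read-only scope.
GROUP_READ_SCOPE = "https://www.googleapis.com/auth/admin.directory.group.readonly"
REQUIRED_KEY_FIELDS = ("type", "client_email", "private_key", "token_uri")

# An Azure tenant is identified by its directory GUID or a verified domain.
TENANT_GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
TENANT_DOMAIN = re.compile(r"^[a-z0-9][a-z0-9.-]*\.[a-z]{2,}$", re.I)


def load_service_account_key(raw: str) -> Dict[str, str]:
    """Parse the uploaded key file; reject anything that is not a service account key."""
    key = json.loads(raw)
    missing = [f for f in REQUIRED_KEY_FIELDS if f not in key]
    if missing:
        raise ValueError(f"service account key is missing fields: {missing}")
    if key["type"] != "service_account":
        # e.g. an OAuth client or end-user credential file uploaded by mistake
        raise ValueError(f"not a service account key: type={key['type']!r}")
    if not key["private_key"].startswith("-----BEGIN PRIVATE KEY-----"):
        raise ValueError("private_key is not a PEM-encoded PKCS#8 key")
    return key


def gsuite_jwt_claims(key: Dict[str, str], admin_user: str, now: int,
                      lifetime: int = 3600) -> Dict[str, object]:
    """Claim set of the JWT bearer assertion. `sub` is the G Suite admin the
    service account impersonates: the Directory API answers group queries only
    under a delegated admin, which is why the admin username sits beside the key."""
    if lifetime > 3600:
        raise ValueError("Google rejects assertions with a lifetime over one hour")
    return {"iss": key["client_email"], "sub": admin_user, "scope": GROUP_READ_SCOPE,
            "aud": key["token_uri"], "iat": now, "exp": now + lifetime}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def gsuite_signing_input(claims: Dict[str, object]) -> str:
    """header.payload that RS256 signs with private_key (signing itself omitted here)."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join(b64url(json.dumps(p, separators=(",", ":")).encode())
                    for p in (header, claims))


def azure_token_request(tenant_id: str, client_id: str, client_key: str) -> Tuple[str, str]:
    """Client-credentials token request (URL, form body) to the tenant's v2.0 endpoint.
    Multi-tenant aliases such as "common" are refused: a lookup used for FSSO
    must be pinned to one directory, not answerable by an arbitrary tenant."""
    if not (TENANT_GUID.match(tenant_id) or TENANT_DOMAIN.match(tenant_id)):
        raise ValueError(f"tenant ID must be a directory GUID or verified domain, got {tenant_id!r}")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_key,
                      "scope": "https://graph.microsoft.com/.default"})
    return url, body


def azure_group_lookup_url(user_principal_name: str) -> str:
    """Graph call returning the groups a user belongs to, including nested ones."""
    return ("https://graph.microsoft.com/v1.0/users/"
            f"{quote(user_principal_name, safe='')}/transitiveMemberOf")


if __name__ == "__main__":
    key = load_service_account_key(SAMPLE_GSUITE_KEY)
    claims = gsuite_jwt_claims(key, "admin@example.com", int(time.time()))
    print("G Suite signing input:", gsuite_signing_input(claims))
    print("Azure token request:", *azure_token_request(
        "00000000-0000-0000-0000-000000000000", "app-id", "app-key"))
    print("Azure group lookup:", azure_group_lookup_url("alice@example.com"))
```

Both credentials are long-lived secrets that let their holder read directory data: the key file validation above is the minimum check before storing it, and the tenant-ID check prevents a misconfiguration in which the token request is not bound to the intended directory.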
