Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.6.1 Administration Guide
    6.6.1
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    Service providers

    Service providers

    Service providers (SP) can be managed from Authentication > SCIM > Service Provider.

    To configure SCIM service provider settings:
    1. In Authentication > SCIM > Service Provider, select Create New.

      The Create New Scim Service Provider window opens.

    2. Enter the following information:

      Edit Service Provider

      Name

      Enter the name for the SCIM SP.

      SCIM endpoint

      Enter the SCIM SP IP address.

      Access token

      Enter the SCIM SP access token.

      Users/Groups To Synchronize

      Remote auth. server

      From the dropdown, select a remote authentication server (LDAP, RADIUS, or SAML) or select local users.

      Synchronization set

      Select from the following two options to synchronize users/groups:

      • All users/groups (default)

      • Custom: Select user groups from Available Groups list and move them to the Chosen Groups list.

        Only the selected user groups and the members of those user groups are synced.

        For remote LDAP servers, only groups with the list of users are included. These are groups without LDAP filter.

      User Attributes Mapping

      User name

      Enter the user name. Set to userName by default.

      First name

      Enter the attribute that specifies the user's first name. Set to name.givenName by default.

      Last name

      Enter the attribute that specifies the user's last name. Set to name.familyName by default.

      Email

      Enter the attribute that specifies the user's email address. Set to emails[type eq "work"].value by default.

      Phone number

      Enter the attribute that specifies the user's phone number.

      Mobile number

      Enter the attribute that specifies the user's mobile number. Set to phoneNumbers[type eq"mobile"].value by default.

      User display name

      Enter the attribute that specifies the user's display name. Set to displayName by default.

      Company

      Enter the attribute that specifies the user's company. Set to organization by default.

      Department

      Enter the attribute that specifies the user's department. Set to department by default.

      Title

      Enter the attribute that specifies the title. Set to title by default.

      Active

      Enter the attribute that specifies the user status. Set to active by default.

      Custom fields configured in Authentication > User Account Policies > Custom User Fields are available here.

      Group Attributes Mapping

      Group display name

      Enter the attribute that specifies the group's display name. Set to displayName by default.

      Group members

      Enter the attribute that specifies group's members. Set to members by default.

    3. Click Save.
    Previous
    Next

    Service providers

    Service providers

    Service providers (SP) can be managed from Authentication > SCIM > Service Provider.

    To configure SCIM service provider settings:
    1. In Authentication > SCIM > Service Provider, select Create New.

      The Create New Scim Service Provider window opens.

    2. Enter the following information:

      Edit Service Provider

      Name

      Enter the name for the SCIM SP.

      SCIM endpoint

      Enter the SCIM SP IP address.

      Access token

      Enter the SCIM SP access token.

      Users/Groups To Synchronize

      Remote auth. server

      From the dropdown, select a remote authentication server (LDAP, RADIUS, or SAML) or select local users.

      Synchronization set

      Select from the following two options to synchronize users/groups:

      • All users/groups (default)

      • Custom: Select user groups from Available Groups list and move them to the Chosen Groups list.

        Only the selected user groups and the members of those user groups are synced.

        For remote LDAP servers, only groups with the list of users are included. These are groups without LDAP filter.

      User Attributes Mapping

      User name

      Enter the user name. Set to userName by default.

      First name

      Enter the attribute that specifies the user's first name. Set to name.givenName by default.

      Last name

      Enter the attribute that specifies the user's last name. Set to name.familyName by default.

      Email

      Enter the attribute that specifies the user's email address. Set to emails[type eq "work"].value by default.

      Phone number

      Enter the attribute that specifies the user's phone number.

      Mobile number

      Enter the attribute that specifies the user's mobile number. Set to phoneNumbers[type eq"mobile"].value by default.

      User display name

      Enter the attribute that specifies the user's display name. Set to displayName by default.

      Company

      Enter the attribute that specifies the user's company. Set to organization by default.

      Department

      Enter the attribute that specifies the user's department. Set to department by default.

      Title

      Enter the attribute that specifies the title. Set to title by default.

      Active

      Enter the attribute that specifies the user status. Set to active by default.

      Custom fields configured in Authentication > User Account Policies > Custom User Fields are available here.

      Group Attributes Mapping

      Group display name

      Enter the attribute that specifies the group's display name. Set to displayName by default.

      Group members

      Enter the attribute that specifies group's members. Set to members by default.

    3. Click Save.
    Previous
    Next