Identity & Access Management (IAM)

Adding external IdP roles

24.1.0

Create external IdP roles to allow users to log in to a cloud portal with their organization's user credentials through a third-party identity provider (IdP).

Note

IdP roles are a limited beta feature.

To add an external user role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Click Add New > External IdP User. The External IdP Role page opens.
  3. In the Role Name field, type the name of the role.
  4. (Optional) In the Description field, enter a description of the role.
  5. From the Permission Scope dropdown, select an asset folder.

  6. In the Permissions Profile dropdown, select a profile. The Permission Details assigned to the selected profile are displayed.

    Note

    If the SysAdmin profile is selected, a message is displayed instead of the portal cards, indicating that the user has full access to all portals.

  7. Click Add Role.

After the IAM user is created, the IAM user account holder is required to perform a validation check.

Managing external IdP roles

You can manage external IdP roles from the Users page, including enabling, disabling, and deleting users.

To delete a role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Select a role from the list.
  3. Click Delete. The Delete Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.

To disable a role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Select a role from the list.
  3. Click Disable. The Disable User Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.

To enable a role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Double-click the disabled role. The Manage External IdP Roles > <name> pane opens.
  3. Click Edit.
  4. From the Status dropdown, select active.
  5. Click Update.
