Fortinet Document Library

Version:

22.1.0

Table of Contents

Identity & Access Management (IAM)

22.1.0
22.1.0
Download PDF
Copy Link

Adding external IdP roles

Create External IdP roles to allow users to log in to a cloud portal with their organization's user credentials using a third-part ID provider.

Note

IdP roles is a limited beta feature. New enrollment requests are not available at this time.
To add an external user role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.

  2. Click Add IDP Role. The Create External IdP Role pane opens.

  3. In the Role Name field, type the name of the role.
  4. (Optional) In the Description field, enter a description of the role.
  5. From the Status dropdown, select active or disabled.
  6. From the Asset Permissions dropdown, select an asset group. See
  7. Configure the Effective Portal Permissions.
    Permission Description
    Allow Portal Access

    Toggle Yes to allow access to a portal.
    Access Type

    The Access Type is defined by the portal. For example, the access types for Asset Management are:

    • Admin

    • Read/Only

    • Read/Write

    Whereas the access types for FortiOS SSO are:

    • SuperAdmin

    • Read Only
    Additional Permission

    Additional permissions vary depending on the portal.

    Asset Management:

    • Recieve Renewal Notification

    FortiCare (Read Only or Read/Write)

    • Customer Serivce

    • Technical Assistance

    • RMA/DOA

    Note

    Some portals have user roles that are specific to that portal. When a portal has a unique user role, the Custom option is displayed. For information about the role, see the product's documentation.
  8. Configure the Cloud Management & Services permissions.
    1. Click Add (+), select a service from the list, and then clickADD.
    2. Click the Edit button, and configure the portal permissions.
      Permission Description
      Allow Portal Access Toggle Yes to grant access to the service.
      AccessType

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read/Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only
    3. Click Confirm.
  9. Click Update.

After the IAM user is created, the IAM user account holder is required to perform a validation check.

To delete a role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.
  2. Select a role(s) from the list.
  3. Click Delete. The Delete Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.
To disable a role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.
  2. Select a role(s) from the list.
  3. Click Disable. The Disable User Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.
To enable a role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.
  2. Double-click the disabled role. The Manage External IdP Roles ><name> pane opens.
  3. Click Edit.
  4. From the Status dropdown, select active.
  5. Click Update.

Adding external IdP roles

Create External IdP roles to allow users to log in to a cloud portal with their organization's user credentials using a third-part ID provider.

Note

IdP roles is a limited beta feature. New enrollment requests are not available at this time.
To add an external user role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.

  2. Click Add IDP Role. The Create External IdP Role pane opens.

  3. In the Role Name field, type the name of the role.
  4. (Optional) In the Description field, enter a description of the role.
  5. From the Status dropdown, select active or disabled.
  6. From the Asset Permissions dropdown, select an asset group. See
  7. Configure the Effective Portal Permissions.
    Permission Description
    Allow Portal Access

    Toggle Yes to allow access to a portal.
    Access Type

    The Access Type is defined by the portal. For example, the access types for Asset Management are:

    • Admin

    • Read/Only

    • Read/Write

    Whereas the access types for FortiOS SSO are:

    • SuperAdmin

    • Read Only
    Additional Permission

    Additional permissions vary depending on the portal.

    Asset Management:

    • Recieve Renewal Notification

    FortiCare (Read Only or Read/Write)

    • Customer Serivce

    • Technical Assistance

    • RMA/DOA

    Note

    Some portals have user roles that are specific to that portal. When a portal has a unique user role, the Custom option is displayed. For information about the role, see the product's documentation.
  8. Configure the Cloud Management & Services permissions.
    1. Click Add (+), select a service from the list, and then clickADD.
    2. Click the Edit button, and configure the portal permissions.
      Permission Description
      Allow Portal Access Toggle Yes to grant access to the service.
      AccessType

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read/Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only
    3. Click Confirm.
  9. Click Update.

After the IAM user is created, the IAM user account holder is required to perform a validation check.

To delete a role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.
  2. Select a role(s) from the list.
  3. Click Delete. The Delete Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.
To disable a role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.
  2. Select a role(s) from the list.
  3. Click Disable. The Disable User Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.
To enable a role:
  1. Go to Manage External IdP Roles. The Manage External IdP Roles pane opens.
  2. Double-click the disabled role. The Manage External IdP Roles ><name> pane opens.
  3. Click Edit.
  4. From the Status dropdown, select active.
  5. Click Update.