Identity & Access Management (IAM)

25.2.0

Adding external IdP roles

Create external IdP roles to allow users to log in to a cloud portal with their organization's user credentials using a third-party ID provider.

Before you can create external IdP roles, you must create a permission profile. See Permission profiles.

To add an external user role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Click Add New > External IdP Role. The External IdP Role page opens.
  3. In the Role Name field, type the name of the role. For more information on what to name the role, see Adding external IdP roles to the application.
  4. (Optional) In the Description field, enter a description of the role.
  5. From the Permission Scope dropdown, select an asset folder.

  6. In the Permissions Profile dropdown, select a profile.

    The Permission Details assigned to the selected profile are displayed.

    Note

    If the SysAdmin profile is selected, a message is displayed instead of portal cards to indicate that the user has full access to the Asset Management, IAM, and FortiCare portals. The SysAdmin profile grants access to Assets&Accounts and Support but does not provide access to Cloud Management or Cloud Services. See Creating a permission profile.

    If the permission profile selected includes portals that do not support external IdP, the portals will be marked as Not Supported.

  7. Click Add Role.

Managing external IdP roles

You can manage external IdP roles from the Users page, including enabling, disabling, and deleting users.

To delete a role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Select a role from the list.
  3. Click Delete. The Delete Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.

To disable a role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Select a role from the list.
  3. Click Disable. The Disable User Third Party IdP Role(s) dialog is displayed.
  4. Click Confirm.

To enable a role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Double-click the disabled role. The Manage External IdP Roles > <name> pane opens.
  3. Click Edit.
  4. From the Status dropdown, select active.
  5. Click Update.
