
Identity & Access Management (IAM)

25.2.0

Enrolling for external IdP


Before you can access the external IdP features supported by FortiCloud, you must first enroll for the service.

To enroll for external IdP access to FortiCloud, you must:

  1. Contact your Fortinet sales representative.

  2. Configure your IdP application.

  3. Fill out the enrollment form with information about your IdP application and FortiCloud account.

  4. Download and share the IdP Metadata file with your Fortinet sales representative.

Once your enrollment has been approved, you should:

This document only covers configuring external IdP with Okta and Microsoft Entra ID. However, multiple external identity providers are supported by FortiCloud. This topic includes the following enrollment examples:

Enrolling with Okta

External IdP can be enrolled with Okta.

To enroll for external IdP with Okta:
  1. Contact your Fortinet sales representative about enrolling for external IdP.

  2. Prepare the application:

    1. In Okta, go to Applications > Applications.

    2. Click Create App Integration.

    3. Select SAML 2.0.

    4. Click Next.

    5. Enter an App Name.

    6. Click Next.

    7. Enter a temporary URL into the Single sign-on URL and Audience URI (SP Entity ID) fields, such as https://customersso1.fortinet.com/.

      Note

      After enrollment is complete, your Fortinet sales representative will provide you with the necessary URLs.

    8. Click Next.

    9. Select the App type.

    10. Click Finish. The Metadata file is generated.

    11. Download and save the Metadata file.

  3. Fill out the enrollment form. The following information must be included in the enrollment form:

    • Company name

    • SAML 2.0 IdP name (Okta)

    • Account ID and the Master user email

    • Company administrator and Fortinet Inc. contact

    • IdP Metadata file

    Note

    The account ID and email can be found in your FortiCloud account dropdown menu. To find the information, log in to the Master account. In the top-right corner, select the account. A dropdown menu is displayed that lists the account ID and email information on the left side.

  4. Send the enrollment form and Metadata file to your Fortinet sales representative.

    Once you have been approved, you will receive an email with the next steps and SAML information.

Enrolling with Microsoft Entra ID

External IdP can be enrolled with Entra ID.

To enroll for external IdP with Microsoft Entra ID:
  1. Contact your Fortinet sales representative about enrolling for external IdP.

  2. Prepare the application:

    1. In Microsoft Azure, select Microsoft Entra ID.

    2. Go to Enterprise applications.

    3. Click New application.

    4. Click Create your own application. The Create your own application pane is displayed.

    5. Enter the name of the application.

    6. Click Create. The Overview page is displayed.

    7. Select Set up single sign on.

    8. Select SAML.

    9. Edit the Basic SAML Configuration:

      1. Enter a temporary URL for the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) fields, such as https://customersso1.fortinet.com/.

        Note

        After enrollment is complete, your Fortinet sales representative will provide you with the necessary URLs.

      2. Click Save.

    10. Download the Federation Metadata XML file from the SAML Certificates section.

  3. Fill out the enrollment form. The following information must be included in the enrollment form:

    • Company name

    • SAML 2.0 IdP name (Microsoft Entra ID)

    • Account ID and the Master user email

    • Company administrator and Fortinet Inc. contact

    • IdP Metadata file

    Note

    The account ID and email can be found in your FortiCloud account dropdown menu. To find the information, log in to the Master account. In the top-right corner, select the account. A dropdown menu is displayed that lists the account ID and email information on the left side.

  4. Send the enrollment form and Metadata file to your Fortinet sales representative.

    Once you have been approved, you will receive an email with the next steps and SAML information.
