Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 6.0.1 Administration Guide
    6.0.1
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Single Sign-On

    Single Sign-On

    Go to System > Single sign-on to allow administrators to log into FortiDeceptor with a single ID. User information is stored in a remote Identity Provider (IdP) server. No user information is stored locally. Instead, FortiDeceptor acts as a Service Provider (SP). When a login request is received, FortiDeceptor redirects the request via SAML protocol to the IdP to complete the authentication.

    To enable Single Sign-On:
    1. Go to System > Single sign-on and click Enable . The Single Sign-On settings are displayed.
    2. Configure the Single Sign-On settings and click Apply.
    Service Provider Configuration
    Address The address the identify provider will send SAML authentication requests to.
    Entity ID Click the Copy icon to copy the Entity ID.
    Assertion consumer service URL Click the Copy icon to copy the URL.
    Single logout service URL Click the Copy icon to copy the URL.
    Enable Certificate Service provider will use this certificate to sign or encrypt the request. When this option is disabled , the request will not be signed or encrypted.
    Certificate Allow the service provider to sign or encrypt the request. Select the certificate to use from the list. You can also download the public key of the certificate and upload it to the identity provider to verify and decrypt the request.
    Identity Provider Configuration
    Entity ID Enter the entity ID of identity provider
    Single sign-on service URL Enter the identity provider's sign on URL.

    Single logout service URL

    Enter the identity provider's logout URL.

    Certificate

    Upload the public X.509 certificate of the identity provider .

    Additional SAML Attributes

    Attribute used to identify users

    The identity provider will use this attribute in the request to report the sign-on user name.

    Configuring SSO with Azure

    Configuring SSO with Azure requires a Claim Attribute. This section provides an overview on how to configure a new Claim Attribute in Azure and where to enter it in FortiDeceptor. For more information about Claim Attributes, see the Azure product help.

    Tooltip

    As SSO is a standard method, setting Claim Attribute on the IDP side can be applied to any IDP servers.
    To configure SSO for Azure:
    1. In Azure, go to Identity > Applications > Enterprise applications > All applications.
    2. Select the application, select Single sign-on in the left-hand menu, and then select Edit in the Attributes & Claims section.

    3. Go to Manage Claim.
    4. Go to Manage > Single-Sign On.

    5. Specify the attribute Name and the Source Attribute.

    6. In FortiDeceptor enter the attribute claim in the Attribute used to identify users field.

    Previous
    Next

    Single Sign-On

    Single Sign-On

    Go to System > Single sign-on to allow administrators to log into FortiDeceptor with a single ID. User information is stored in a remote Identity Provider (IdP) server. No user information is stored locally. Instead, FortiDeceptor acts as a Service Provider (SP). When a login request is received, FortiDeceptor redirects the request via SAML protocol to the IdP to complete the authentication.

    To enable Single Sign-On:
    1. Go to System > Single sign-on and click Enable . The Single Sign-On settings are displayed.
    2. Configure the Single Sign-On settings and click Apply.
    Service Provider Configuration
    Address The address the identify provider will send SAML authentication requests to.
    Entity ID Click the Copy icon to copy the Entity ID.
    Assertion consumer service URL Click the Copy icon to copy the URL.
    Single logout service URL Click the Copy icon to copy the URL.
    Enable Certificate Service provider will use this certificate to sign or encrypt the request. When this option is disabled , the request will not be signed or encrypted.
    Certificate Allow the service provider to sign or encrypt the request. Select the certificate to use from the list. You can also download the public key of the certificate and upload it to the identity provider to verify and decrypt the request.
    Identity Provider Configuration
    Entity ID Enter the entity ID of identity provider
    Single sign-on service URL Enter the identity provider's sign on URL.

    Single logout service URL

    Enter the identity provider's logout URL.

    Certificate

    Upload the public X.509 certificate of the identity provider .

    Additional SAML Attributes

    Attribute used to identify users

    The identity provider will use this attribute in the request to report the sign-on user name.

    Configuring SSO with Azure

    Configuring SSO with Azure requires a Claim Attribute. This section provides an overview on how to configure a new Claim Attribute in Azure and where to enter it in FortiDeceptor. For more information about Claim Attributes, see the Azure product help.

    Tooltip

    As SSO is a standard method, setting Claim Attribute on the IDP side can be applied to any IDP servers.
    To configure SSO for Azure:
    1. In Azure, go to Identity > Applications > Enterprise applications > All applications.
    2. Select the application, select Single sign-on in the left-hand menu, and then select Edit in the Attributes & Claims section.

    3. Go to Manage Claim.
    4. Go to Manage > Single-Sign On.

    5. Specify the attribute Name and the Source Attribute.

    6. In FortiDeceptor enter the attribute claim in the Attribute used to identify users field.

    Previous
    Next