Setting up service provider for FortiEDR
To configure FortiEDR as a SAML service provider on FortiAuthenticator:
- Go to Authentication > SAML IdP > Service Providers.
- Select Create New.
- Fill in the following fields:
  - SP name: Enter a name for the FortiEDR SP.
  - IDP prefix: Select Generate prefix to generate a random 16-character alphanumeric string, or enter your own prefix. The prefix is appended to the end of the IdP URLs, so it must match what FortiEDR later sees in the IdP metadata.
- Click Download IDP metadata to save the FortiAuthenticator IdP metadata file; this file is uploaded into FortiEDR. Refer to step 3 in SAML authentication for more information.
- Click Import SP metadata and select the SP metadata file that was downloaded from FortiEDR. Refer to step 2 in SAML authentication for more information.
- All other service provider configuration fields are auto-filled from the imported SP metadata file. Review the auto-filled values before saving.
- Click OK to apply the changes.
- Go to Authentication > SAML IdP > Service Providers and double-click the service provider that you created in the previous step to open it.
- In the SAML Attribute section, click Create New.
- In the popup window, enter the attribute name that was configured in the FortiEDR SAML Authentication settings and select FortiAuthenticator Group as the User Attribute. In this example the attribute name is fortiedr_role; the same name must be entered on both sides, in the FortiEDR SAML settings and in the FortiAuthenticator SAML Attribute entry, for the group value to be delivered.
- Click OK to save the changes.
FortiAuthenticator can now act as the IdP that authenticates and authorizes users accessing the FortiEDR Central Manager Console. When a user logs in to the FortiEDR Console through the SSO URL specified on the SAML settings page, FortiAuthenticator issues an assertion whose fortiedr_role attribute carries the user's FortiAuthenticator group, and FortiEDR grants the user permissions in the Central Manager according to the user groups to which that user was added.
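As an added example (not Fortinet's own code or tooling) of the checks a practitioner would run on the two metadata files exchanged in the procedure above, the Python script below parses a constructed FortiAuthenticator IdP metadata document and a constructed FortiEDR SP metadata document, verifies that the IdP URLs carry the configured prefix and that a signing certificate is present, and extracts the fortiedr_role attribute from a constructed assertion. The hostnames, the prefix value a1b2c3d4e5f6g7h8, the group name FortiEDR_Admins and the certificate placeholder are assumptions, not values from any real deployment.

```python
"""Sanity-check FortiAuthenticator IdP metadata against FortiEDR SP metadata and
show how the fortiedr_role attribute arrives in an assertion.

Added example, not Fortinet code. All XML documents below are constructed
samples; hostnames, prefix, certificate text and group name are assumptions.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample of a "Download IDP metadata" file. The assumed 16-character
# prefix a1b2c3d4e5f6g7h8 is appended to the IdP entity ID and SSO URL.
IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://fac.example.com/saml-idp/a1b2c3d4e5f6g7h8/metadata/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC-constructed-placeholder</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://fac.example.com/saml-idp/a1b2c3d4e5f6g7h8/login/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample of the SP metadata file downloaded from FortiEDR.
SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://fortiedr.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://fortiedr.example.com/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample of the attribute statement once fortiedr_role is mapped to
# "FortiAuthenticator Group". The group name is an assumption.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="fortiedr_role">
      <saml:AttributeValue>FortiEDR_Admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_idp_metadata(xml_text):
    """Pull entity ID, SSO endpoint and signing certificate out of IdP metadata."""
    root = ET.fromstring(xml_text)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "sso_url": sso.get("Location") if sso is not None else None,
        "signing_cert": cert.text.strip() if cert is not None and cert.text else None,
    }


def parse_sp_metadata(xml_text):
    """Pull entity ID and AssertionConsumerService URL out of SP metadata."""
    root = ET.fromstring(xml_text)
    acs = root.find("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location") if acs is not None else None,
    }


def check_idp_against_sp(idp, sp, idp_prefix):
    """Return a list of problems; an empty list means the pair looks consistent."""
    problems = []
    if not idp["signing_cert"]:
        problems.append("IdP metadata has no signing certificate; FortiEDR cannot verify assertions")
    if idp["sso_url"] is None or idp_prefix not in idp["sso_url"]:
        problems.append("IdP SSO URL does not carry the configured IDP prefix")
    if idp["entity_id"] is None or idp_prefix not in idp["entity_id"]:
        problems.append("IdP entity ID does not carry the configured IDP prefix")
    if not (idp["sso_url"] or "").startswith("https://"):
        problems.append("IdP SSO URL is not HTTPS")
    if not (sp["acs_url"] or "").startswith("https://"):
        problems.append("SP ACS URL is not HTTPS")
    return problems


def extract_attribute(assertion_xml, name):
    """Return all values of the named SAML attribute (e.g. fortiedr_role)."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.findall(".//saml:Attribute", NS):
        if attr.get("Name") == name:
            values.extend(v.text for v in attr.findall("saml:AttributeValue", NS) if v.text)
    return values


if __name__ == "__main__":
    idp = parse_idp_metadata(IDP_METADATA)
    sp = parse_sp_metadata(SP_METADATA)
    print("problems:", check_idp_against_sp(idp, sp, "a1b2c3d4e5f6g7h8"))
    print("fortiedr_role:", extract_attribute(ASSERTION, "fortiedr_role"))
```

Run it against the real files by replacing the constructed strings with the contents of the downloaded metadata; the group value printed for fortiedr_role is the string FortiEDR matches against its role mapping, so it must correspond exactly to a FortiAuthenticator group name.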