Importing the IdP certificate and metadata on the FortiAuthenticator
- In FortiAuthenticator, go to Fortinet SSO Methods > SSO > SAML Authentication and import the IdP metadata and certificate downloaded earlier.
This automatically fills the IdP fields (as shown in the example). Click OK to save these changes.
- Go to Fortinet SSO Methods > SSO > FortiGate Filtering and create a new FortiGate filter.
Enter a name and the IP address of the FortiGate’s WAN interface, and select OK.
Enable Fortinet Single Sign-On (FSSO).
Select Create New to create an SSO group filtering object (as shown in this example).
The name of the filter must be the same as the group name created for SAML users (saml_users). The two user groups must have exactly the same name, or SSO information will not be pushed to the FortiGate.
Select OK to apply all changes.