- On the FortiGate, go to User & Device > Single Sign-On and select Create New.
Set Type to Fortinet Single-Sign-On Agent, enter a Name, the FortiAuthenticator’s Internet-interface IP address, and the password, which must match the secret key entered at the beginning of the FortiAuthenticator configuration process.
Select Apply & Refresh.
- The SAML user group name is pushed to the FortiGate from the FortiAuthenticator and appears when you select View.
You might have to wait a few minutes before the user group appears.
- In the list showing the server, hover over the entry under the Users/Groups column and check that the FSSO group has been pushed down.
- Go to User & Device > User Groups and create a new FSSO user group. Users authenticated via SAML FSSO are in this group.
Enter a Name, set Type to Fortinet Single Sign-On (FSSO), and add the FSSO group as one of the Members.