Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Configuring the RSSO Agent on the FortiGate

  1. On the FortiGate, go to User & Device > Single Sign-On and create a new agent.

    Set Type to RADIUS Single-Sign-On Agent.

    Enable Use RADIUS Shared Secret and enter a shared secret.

    Enable Send RADIUS Responses.

  2. Go to User & Device > User Groups and create a new user group.

    Set Type to RADIUS Single Sign-On (RSSO) and enter a RADIUS Attribute Value (case-sensitive) that matches the FortiConnect attribute. This example uses staff to identify a staff user.

  3. On FortiConnect, set the same RADIUS attribute for the Authorization Profile.

    Set the Attribute Value to use Class.

    FortiConnect maps the user to the account group during the backend authentication to Microsoft AD.

  4. On FortiGate, open the CLI Console and enter the following commands:

    config user radius

    edit "RSSO Agent"

    set rsso-endpoint-attribute "User-Name"

    next

    end

Configuring the RSSO Agent on the FortiGate

  1. On the FortiGate, go to User & Device > Single Sign-On and create a new agent.

    Set Type to RADIUS Single-Sign-On Agent.

    Enable Use RADIUS Shared Secret and enter a shared secret.

    Enable Send RADIUS Responses.

  2. Go to User & Device > User Groups and create a new user group.

    Set Type to RADIUS Single Sign-On (RSSO) and enter a RADIUS Attribute Value (case-sensitive) that matches the FortiConnect attribute. This example uses staff to identify a staff user.

  3. On FortiConnect, set the same RADIUS attribute for the Authorization Profile.

    Set the Attribute Value to use Class.

    FortiConnect maps the user to the account group during the backend authentication to Microsoft AD.

  4. On FortiGate, open the CLI Console and enter the following commands:

    config user radius

    edit "RSSO Agent"

    set rsso-endpoint-attribute "User-Name"

    next

    end