Fortinet white logo
Fortinet white logo

Cookbook

Configuring a downstream FortiGate as an SP

Configuring a downstream FortiGate as an SP

There are two ways to configure the downstream FortiGate:

Note

An SP must be a member of the Security Fabric before you configure it.

To configure the downstream FortiGate from the root FortiGate:
  1. Log in to the root FortiGate.
  2. Go to Security Fabric > Settings and locate the Topology section.
  3. Hover over a FortiGate and click Configure.

    The Configure pane opens.

  4. Enable SAML Single Sign-On. The Mode field is automatically populated as Service Provider (SP).
  5. Enter an IP address in the Management IP/FQDN box.
  6. Enter a management port in the Management Port box.

    The Management IP/FQDN will be used by the IdP and so other SPs can redirect to each other. The Management Port must be reachable from the user's device.

  7. Select a Default login page option.
  8. Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly. The no_access_admin profile is set as the default.
  9. Click OK.

To configure the downstream FortiGate within the device:
  1. Log in to the downstream FortiGate.
  2. Go to Security Fabric > Settings.
  3. In the FortiGate Telemetry section, enable SAML Single Sign-On. The Mode field is automatically populated as Service Provider (SP).
  4. Enter an IP address in the Management IP/FQDN box.
  5. Enter a management port in the Management Port box.

    The Management IP/FQDN will be used by the IdP and so other SPs can redirect to each other. The Management Port must be reachable from the user's device.

  6. Select a Default login page option.
  7. Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly. The no_access_admin profile is set as the default.
  8. Click OK.

Configuring a downstream FortiGate as an SP

Configuring a downstream FortiGate as an SP

There are two ways to configure the downstream FortiGate:

Note

An SP must be a member of the Security Fabric before you configure it.

To configure the downstream FortiGate from the root FortiGate:
  1. Log in to the root FortiGate.
  2. Go to Security Fabric > Settings and locate the Topology section.
  3. Hover over a FortiGate and click Configure.

    The Configure pane opens.

  4. Enable SAML Single Sign-On. The Mode field is automatically populated as Service Provider (SP).
  5. Enter an IP address in the Management IP/FQDN box.
  6. Enter a management port in the Management Port box.

    The Management IP/FQDN will be used by the IdP and so other SPs can redirect to each other. The Management Port must be reachable from the user's device.

  7. Select a Default login page option.
  8. Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly. The no_access_admin profile is set as the default.
  9. Click OK.

To configure the downstream FortiGate within the device:
  1. Log in to the downstream FortiGate.
  2. Go to Security Fabric > Settings.
  3. In the FortiGate Telemetry section, enable SAML Single Sign-On. The Mode field is automatically populated as Service Provider (SP).
  4. Enter an IP address in the Management IP/FQDN box.
  5. Enter a management port in the Management Port box.

    The Management IP/FQDN will be used by the IdP and so other SPs can redirect to each other. The Management Port must be reachable from the user's device.

  6. Select a Default login page option.
  7. Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly. The no_access_admin profile is set as the default.
  8. Click OK.