Fortinet black logo

Cookbook

Logging in to a FortiGate SP from root FortiGate IdP

Copy Link
Copy Doc ID 3c219ad1-1ba7-11ea-9384-00505692583a:178823
Download PDF

Logging in to a FortiGate SP from root FortiGate IdP

You can log in to a FortiGate SP from a FortiGate IdP. This topic describes how to log in to a root FortiGate IdP, and navigate to other FortiGate SPs in the Security Fabric without further authentication.

In this example, the local administrator account is named test3. The local administrator account must also be available as an SSO administrator account on all downstream FortiGate SPs. Different tabs of the same browser are used to log in to the various FortiGates.

To log in to a FortiGate SP from a root FortiGate IdP:
  1. Log in to the root FortiGate IdP by using the local administrator account.

    In this example, the local administrator account is named test3.

  2. Go to Security Fabric > Settings.
  3. In the Topology area, click one of the downstream FortiGate SPs, and select Login to <name of FortiGate>.

    The login screen is displayed.

  4. In the login screen, select Single Sign-On.

    By using cookies in your local browser for the already-authenticated SSO administrator, FortiGate logs you in to the downstream FortiGate SP as the SSO administrator. In this example, the SSO administrator name is test3.

  5. While still logged into the root FortiGate IdP in your browser, go to the browser tab for the root FortiGate IdP, and log in to another FortiGate SP that is displayed on the Security Fabric pane in the GUI.

    SAML SSO login uses SAML_IDP session cookies of already authenticated admin users in your local browser cache to send to the root FortiGate IdP for authentication. If your browser cache is manually cleared, or you close your browser, you must authenticate again.

Logging in to a FortiGate SP from root FortiGate IdP

You can log in to a FortiGate SP from a FortiGate IdP. This topic describes how to log in to a root FortiGate IdP, and navigate to other FortiGate SPs in the Security Fabric without further authentication.

In this example, the local administrator account is named test3. The local administrator account must also be available as an SSO administrator account on all downstream FortiGate SPs. Different tabs of the same browser are used to log in to the various FortiGates.

To log in to a FortiGate SP from a root FortiGate IdP:
  1. Log in to the root FortiGate IdP by using the local administrator account.

    In this example, the local administrator account is named test3.

  2. Go to Security Fabric > Settings.
  3. In the Topology area, click one of the downstream FortiGate SPs, and select Login to <name of FortiGate>.

    The login screen is displayed.

  4. In the login screen, select Single Sign-On.

    By using cookies in your local browser for the already-authenticated SSO administrator, FortiGate logs you in to the downstream FortiGate SP as the SSO administrator. In this example, the SSO administrator name is test3.

  5. While still logged into the root FortiGate IdP in your browser, go to the browser tab for the root FortiGate IdP, and log in to another FortiGate SP that is displayed on the Security Fabric pane in the GUI.

    SAML SSO login uses SAML_IDP session cookies of already authenticated admin users in your local browser cache to send to the root FortiGate IdP for authentication. If your browser cache is manually cleared, or you close your browser, you must authenticate again.