Configuring single-sign-on in the Security Fabric

SAML SSO enables a single FortiGate device to act as the identity provider (IdP), while other FortiGate devices act as service providers (SP) and redirect logins to the IdP.

Note

Only the root FortiGate can be the identity provider (IdP). The downstream FortiGates can be configured as service providers (SP).

The process is as follows:

  1. Configuring the root FortiGate as the IdP
  2. Configuring a downstream FortiGate as an SP
  3. Configuring certificates for SAML SSO
  4. Verifying the single-sign-on configuration

You can also use the CLI. See CLI commands for SAML SSO.
