Fortinet white logo
Fortinet white logo

CLI Reference

config authentication scheme

config authentication scheme

Configure Authentication Schemes.

config authentication scheme

Description: Configure Authentication Schemes.

edit <name>

set method {option1}, {option2}, ...

set negotiate-ntlm [enable|disable]

set kerberos-keytab {string}

set domain-controller {string}

set fsso-agent-for-ntlm {string}

set require-tfa [enable|disable]

set fsso-guest [enable|disable]

set user-database <name1>, <name2>, ...

set ssh-ca {string}

next

end

config authentication scheme

Parameter name

Description

Type

Size

method

Authentication methods (default = basic).

option

-

Option

Description

ntlm

NTLM authentication.

basic

Basic HTTP authentication.

digest

Digest HTTP authentication.

form

Form-based HTTP authentication.

negotiate

Negotiate authentication.

fsso

Fortinet Single Sign-On (FSSO) authentication.

rsso

RADIUS Single Sign-On (RSSO) authentication.

ssh-publickey

Public key based SSH authentication.

negotiate-ntlm

Enable/disable negotiate authentication for NTLM (default = disable).

option

-

Option

Description

enable

Enable negotiate authentication for NTLM.

disable

Disable negotiate authentication for NTLM.

kerberos-keytab

Kerberos keytab setting.

string

Maximum length: 35

domain-controller

Domain controller setting.

string

Maximum length: 35

fsso-agent-for-ntlm

FSSO agent to use for NTLM authentication.

string

Maximum length: 35

require-tfa

Enable/disable two-factor authentication (default = disable).

option

-

Option

Description

enable

Enable two-factor authentication.

disable

Disable two-factor authentication.

fsso-guest

Enable/disable user fsso-guest authentication (default = disable).

option

-

Option

Description

enable

Enable user fsso-guest authentication.

disable

Disable user fsso-guest authentication.

user-database `<name>`

Authentication server to contain user information; "local" (default) or "123" (for LDAP).<br>Authentication server name.

string

Maximum length: 79

ssh-ca

SSH CA name.

string

Maximum length: 35

config authentication scheme

config authentication scheme

Configure Authentication Schemes.

config authentication scheme

Description: Configure Authentication Schemes.

edit <name>

set method {option1}, {option2}, ...

set negotiate-ntlm [enable|disable]

set kerberos-keytab {string}

set domain-controller {string}

set fsso-agent-for-ntlm {string}

set require-tfa [enable|disable]

set fsso-guest [enable|disable]

set user-database <name1>, <name2>, ...

set ssh-ca {string}

next

end

config authentication scheme

Parameter name

Description

Type

Size

method

Authentication methods (default = basic).

option

-

Option

Description

ntlm

NTLM authentication.

basic

Basic HTTP authentication.

digest

Digest HTTP authentication.

form

Form-based HTTP authentication.

negotiate

Negotiate authentication.

fsso

Fortinet Single Sign-On (FSSO) authentication.

rsso

RADIUS Single Sign-On (RSSO) authentication.

ssh-publickey

Public key based SSH authentication.

negotiate-ntlm

Enable/disable negotiate authentication for NTLM (default = disable).

option

-

Option

Description

enable

Enable negotiate authentication for NTLM.

disable

Disable negotiate authentication for NTLM.

kerberos-keytab

Kerberos keytab setting.

string

Maximum length: 35

domain-controller

Domain controller setting.

string

Maximum length: 35

fsso-agent-for-ntlm

FSSO agent to use for NTLM authentication.

string

Maximum length: 35

require-tfa

Enable/disable two-factor authentication (default = disable).

option

-

Option

Description

enable

Enable two-factor authentication.

disable

Disable two-factor authentication.

fsso-guest

Enable/disable user fsso-guest authentication (default = disable).

option

-

Option

Description

enable

Enable user fsso-guest authentication.

disable

Disable user fsso-guest authentication.

user-database `<name>`

Authentication server to contain user information; "local" (default) or "123" (for LDAP).<br>Authentication server name.

string

Maximum length: 79

ssh-ca

SSH CA name.

string

Maximum length: 35