Administration Guide

Configuring a downstream FortiGate as an SP

There are two ways to configure the downstream FortiGate: from the root FortiGate, or within the downstream device itself.

Note: An SP must be a member of the Security Fabric before you configure it.

To configure the downstream FortiGate from the root FortiGate:
  1. Log in to the root FortiGate.
  2. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
  3. In the Topology tree, hover over a FortiGate and click Configure.

    The Configure pane opens.

  4. Select a SAML Single Sign-On option. Auto sets the device to SP mode. Manual allows you to configure the SSO settings by clicking Advanced Options.
  5. Select a Default login page option.

  6. Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly.

  7. Enter an IP address in the Management IP/FQDN box.
  8. Enter a management port in the Management port box.

    The IdP uses the Management IP/FQDN, and other SPs use it to redirect to each other. The Management port must be reachable from the user's device.

  9. Click OK.

To configure the downstream FortiGate within the device:
  1. Log in to the downstream FortiGate.
  2. Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.
  3. Select a SAML Single Sign-On option. Auto sets the device to SP mode. Manual allows you to configure the SSO settings by clicking Advanced Options.
  4. Select a Default login page option.
  5. Select one of the following Default admin profile types: prof_admin, super_admin, or super_admin_readonly.
  6. Enter an IP address in the Management IP/FQDN box.
  7. Enter a management port in the Management port box.

    The IdP uses the Management IP/FQDN, and other SPs use it to redirect to each other. The Management port must be reachable from the user's device.

  8. Click OK.
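
A pre-flight check for the values entered in the steps above, as an added example that is not part of the Fortinet guide: it validates the default admin profile, Management IP/FQDN and Management port, then tests that the port accepts TCP connections from the machine it runs on. The function names and the sample address are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# The three Default admin profile types listed in the procedure above.
ADMIN_PROFILES = {"prof_admin", "super_admin", "super_admin_readonly"}
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_host(host):
    """True if host is an IP literal or a syntactically valid FQDN."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    # An all-numeric last label means a malformed IPv4 address, not a name.
    return (len(host) <= 253 and len(labels) >= 2
            and not labels[-1].isdigit()
            and all(_LABEL.match(label) for label in labels))


def preflight(host, port, profile, timeout=3.0):
    """Return a list of problems with the planned SP settings; empty means OK."""
    problems = []
    if profile not in ADMIN_PROFILES:
        problems.append(f"unknown admin profile: {profile!r}")
    if not valid_host(host):
        problems.append(f"not an IP address or FQDN: {host!r}")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append(f"port out of range: {port!r}")
    if problems:
        return problems  # do not probe the network with bad input
    try:
        # Run this on the user's device: the Management port must be
        # reachable from there, not only from the other Fabric members.
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except OSError as exc:
        problems.append(f"{host}:{port} not reachable from this host: {exc}")
    return problems


if __name__ == "__main__":
    # Constructed sample values (documentation address range), not from the page.
    for issue in preflight("192.0.2.10", 443, "prof_admin") or ["ok"]:
        print(issue)
```

An empty result only shows that the TCP port answers; it does not confirm that the SAML settings on the device are correct.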
