Administration Guide

Configuring single-sign-on in the Security Fabric

SAML SSO enables a single FortiGate device to act as the identity provider (IdP), while other FortiGate devices act as service providers (SP) and redirect logins to the IdP.

Note

Only the root FortiGate can be the identity provider (IdP). The downstream FortiGates can be configured as service providers (SP).

The process is as follows:

  1. Configuring the root FortiGate as the IdP
  2. Configuring a downstream FortiGate as an SP
  3. Configuring certificates for SAML SSO
  4. Verifying the single-sign-on configuration

You can also use the CLI. See CLI commands for SAML SSO.
