SSO administrators
SSO administrators are automatically created when the FortiGate acts as a SAML service provider (SP) with SAML Single Sign-On enabled in the Security Fabric settings.
On the system login page, an administrator can log in with their username and password against the root FortiGate acting as the identity provider (IdP) in the Security Fabric. After the first successful log in, this user is added to the administrators table (System > Administrators under Single Sign-On Administrator). The default profile selected is based on the SP settings (Default admin profile). See Configuring a downstream FortiGate as an SP for more information.
SSO administrators can be manually configured in FortiOS.
To manually configure an SSO administrator in the GUI:
-
Go to System > Administrators and click Create New > SSO Admin.
-
Enter the username.
-
Select an administrator profile.
-
Click OK.
To manually configure an SSO administrator in the CLI:
config system sso-admin edit <name> set accprofile <profile> set vdom <vdom> next end