7.2.5

Applying user authentication

The following deployment example uses an authentication scheme with the Basic method to authenticate end users. It assumes that an LDAP server (LDAP-fortiad) has already been defined for remote authentication and that the LDAP user groups LDAP-Remote-Allowed-Group and LDAP-Finance already exist.

ZTNA supports several other authentication methods, such as SAML and form-based authentication, each of which gives end users a slightly different sign-in experience. You can also use remote server types other than LDAP.

For more information, see the following topics:

To configure an authentication scheme and authentication rule to apply basic authentication:
  1. Go to Policy & Objects > Authentication Rules and select Authentication Schemes from the top right.

  2. Click Create New > Authentication Scheme.

    1. Configure the following:

      Name             ZTNA-Auth-scheme
      Method           Basic
      User database    Other – LDAP-fortiad
    2. Click OK.

  3. Click Create New > Authentication Rules.

    1. Configure the following:

      Name                       ZTNA-Auth-Rule
      Source Address             all
      Incoming Interface         WAN (port3)
      Protocol                   HTTP
      Authentication Scheme      Enable – ZTNA-Auth-Scheme
      IP-based Authentication    Enable
      Enable This Rule           Enable
    2. Click OK.
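The same scheme and rule expressed in the FortiOS CLI, added here as an example; it is not part of the original page. The object names, interface (port3) and LDAP server are the ones used in the GUI steps above; the attribute names follow the `config authentication scheme` and `config authentication rule` syntax as the editor recalls it for FortiOS 7.2 and should be confirmed against the CLI reference for your build before use.

```text
# Authentication scheme: Basic method backed by the pre-defined LDAP server
config authentication scheme
    edit "ZTNA-Auth-scheme"
        set method basic
        set user-database "LDAP-fortiad"
    next
end

# Authentication rule: apply the scheme to HTTP traffic arriving on the WAN interface
config authentication rule
    edit "ZTNA-Auth-Rule"
        set status enable
        set protocol http
        set srcintf "port3"
        set srcaddr "all"
        set ip-based enable
        set active-auth-method "ZTNA-Auth-scheme"
    next
end
```

With the Basic method the client sends the username and password base64-encoded in an Authorization header, so this scheme is only appropriate where, as in a ZTNA deployment, the request is carried inside a TLS session to the access proxy. IP-based authentication caches the authenticated user against the source IP address; where several users sit behind one NAT address they will share that cached identity, so consider disabling it in that topology.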