Applying user authentication
The following deployment example uses an authentication scheme that utilizes the Basic method to authenticate the end users. It also assumes the use of a pre-defined LDAP server (LDAP-fortiad) for remote authentication as well as pre-configured LDAP user groups (LDAP-Remote-Allowed-Group and LDAP-Finance).
ZTNA supports a variety of other authentication methods, such as SAML authentication or form authentication. They produce slightly different user experiences for the end users. You can also choose to use types of remote servers other than LDAP.
For more information, see the following topics:
To configure an authentication scheme and authentication rule to apply basic authentication:
- Go to Policy & Objects > Authentication Rules and select Authentication Schemes from the top right.
- Click Create New > Authentication Scheme.
- Configure the following:
  - Name: ZTNA-Auth-scheme
  - Method: Basic
  - User database: Other – LDAP-fortiad
- Click OK.
- Click Create New > Authentication Rules.
- Configure the following:
  - Name: ZTNA-Auth-Rule
  - Source Address: all
  - Incoming Interface: WAN (port3)
  - Protocol: HTTP
  - Authentication Scheme: Enable – ZTNA-Auth-Scheme
  - IP-based Authentication: Enable
  - Enable This Rule: Enable
- Click OK.
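The following is an added example, not part of the original procedure or Fortinet's own code: a check that every authentication rule in a configuration excerpt points at a scheme that is actually defined, and which method and user database it resolves to. The embedded CLI text is an assumed rendering of the GUI fields above, and the rule named Broken-Rule is constructed to show a failing case.

```python
import re

# Constructed sample: assumed CLI rendering of the GUI settings above, plus one
# deliberately broken rule ("Broken-Rule") that names a scheme that does not exist.
SAMPLE_CONFIG = '''
config authentication scheme
    edit "ZTNA-Auth-scheme"
        set method basic
        set user-database "LDAP-fortiad"
    next
end
config authentication rule
    edit "ZTNA-Auth-Rule"
        set status enable
        set protocol http
        set srcintf "port3"
        set srcaddr "all"
        set ip-based enable
        set active-auth-method "ZTNA-Auth-scheme"
    next
    edit "Broken-Rule"
        set srcintf "port3"
        set active-auth-method "No-Such-Scheme"
    next
end
'''

def parse_tables(text):
    """Return {table path: {entry name: {option: value}}} for flat config blocks."""
    tables, table, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r'config (.+)', line):
            table = tables.setdefault(m.group(1), {})
        elif (m := re.fullmatch(r'edit "?([^"]+)"?', line)) and table is not None:
            entry = table.setdefault(m.group(1), {})
        elif (m := re.fullmatch(r'set (\S+) (.+)', line)) and entry is not None:
            entry[m.group(1)] = m.group(2).strip('"')
        elif line == 'end':
            table = entry = None
    return tables

def check_auth_rules(text):
    """Return (resolved, findings): rule -> (scheme, method, user db), and errors."""
    tables = parse_tables(text)
    schemes = tables.get('authentication scheme', {})
    resolved, findings = {}, []
    for rule, opts in tables.get('authentication rule', {}).items():
        name = opts.get('active-auth-method')
        if name in schemes:  # exact string match on the scheme name
            s = schemes[name]
            resolved[rule] = (name, s.get('method'), s.get('user-database'))
        else:
            findings.append(f'{rule}: scheme {name!r} is not defined')
    return resolved, findings
```

To use it on a real device, paste the relevant `config authentication scheme` and `config authentication rule` sections from a configuration backup in place of the sample text.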