Fortinet white logo
Fortinet white logo

Authentication Policies

Authentication Policies

FortiGuest allows user authentication via the internal user database or an external authentication server. For an authentication attempt against FortiGuest each server is tried in order against the relevant domain. If an external server rejects the authentication attempt then the user is rejected by FortiGuest. If a server does not respond the next server in the realm is tested.

With an external authentication server, the sponsors need not have another set of user names and passwords to authenticate. The existing server user credentials are used for authentication. It also enables the administrator to quickly roll out user access because there is no need to create and manage additional local sponsor accounts.

  1. Navigate to Network Access Policies > Authentication Policies and click New.
  2. Enter a Name for the authentication policy and select any of the authentication Server Type. Based on the selected authentication server, update the Settings parameters to create an authentication policy.

    The external servers authenticate sponsors using their existing server credentials. It also enables the administrator to quickly roll out user access because there is no need to create and manage additional local sponsor accounts.
  • Configure the User, that is, the realm/domain to which the user belongs.

  • Enter any Attribute Mappings required for the server and then map them to the usage profile you require and also set the Account Group. Click Add Mapping to configure the rules for the policy. In this example, a rule is created wherein if the groupequalsDomain Users then set usage profile to Default and account group to Default. The group refers to the group membership of the user in the backend server that sends this group information to FortiGuest.

  • Authentication Policies

    Authentication Policies

    FortiGuest allows user authentication via the internal user database or an external authentication server. For an authentication attempt against FortiGuest each server is tried in order against the relevant domain. If an external server rejects the authentication attempt then the user is rejected by FortiGuest. If a server does not respond the next server in the realm is tested.

    With an external authentication server, the sponsors need not have another set of user names and passwords to authenticate. The existing server user credentials are used for authentication. It also enables the administrator to quickly roll out user access because there is no need to create and manage additional local sponsor accounts.

    1. Navigate to Network Access Policies > Authentication Policies and click New.
    2. Enter a Name for the authentication policy and select any of the authentication Server Type. Based on the selected authentication server, update the Settings parameters to create an authentication policy.

      The external servers authenticate sponsors using their existing server credentials. It also enables the administrator to quickly roll out user access because there is no need to create and manage additional local sponsor accounts.
  • Configure the User, that is, the realm/domain to which the user belongs.

  • Enter any Attribute Mappings required for the server and then map them to the usage profile you require and also set the Account Group. Click Add Mapping to configure the rules for the policy. In this example, a rule is created wherein if the groupequalsDomain Users then set usage profile to Default and account group to Default. The group refers to the group membership of the user in the backend server that sends this group information to FortiGuest.