Fortinet white logo
Fortinet white logo

User Guide

External Database

External Database

FortiGuest allows an external database to be configured for external authentication.

  • Type - Select the type of external database, the supported databases are, MySQL, MS-SQL, and PostgreSQL.

  • Server IP Address - Enter the IP address for the server.

  • Authentication Port - Enter the required port number, leave blank to use the selected types default port

  • Username and Password - Enter the required username and password.
    Note: The username should have only select permissions (Drop, Delete or Truncate should not be allowed for this user).

  • Define the Authentication Query and Group Query required to get user groups from the database.

    Consider the following authentication query example.
    select firstname as first_name, lastname as last_name, email_address as email, phone_number as phone from my_user_table where username = :username and password = :password

    • A user is authenticated if the authentication query returns a row.

    • If any of the following columns are set in that row, then they are applied to the generated account: first_name, last_name, email, phone.

    • The :username and :password parameters are required in the authentication query.

    Consider the following group query (optional) example.

    select group from my_group_table where username =: username

    • This query returns rows with a single column containing the group name.

    • The groups are passed to the group mappings, to determine the user's usage and authorization profiles.

    • The :username parameter is required in the group query.

    Configure the User, that is, the realm/domain to which the user belongs.

Enter any Attribute Mappings required for the server and then map them to the usage profile you require and also set the account group. Click Add Mapping to configure the rules for the policy.

External Database

External Database

FortiGuest allows an external database to be configured for external authentication.

  • Type - Select the type of external database, the supported databases are, MySQL, MS-SQL, and PostgreSQL.

  • Server IP Address - Enter the IP address for the server.

  • Authentication Port - Enter the required port number, leave blank to use the selected types default port

  • Username and Password - Enter the required username and password.
    Note: The username should have only select permissions (Drop, Delete or Truncate should not be allowed for this user).

  • Define the Authentication Query and Group Query required to get user groups from the database.

    Consider the following authentication query example.
    select firstname as first_name, lastname as last_name, email_address as email, phone_number as phone from my_user_table where username = :username and password = :password

    • A user is authenticated if the authentication query returns a row.

    • If any of the following columns are set in that row, then they are applied to the generated account: first_name, last_name, email, phone.

    • The :username and :password parameters are required in the authentication query.

    Consider the following group query (optional) example.

    select group from my_group_table where username =: username

    • This query returns rows with a single column containing the group name.

    • The groups are passed to the group mappings, to determine the user's usage and authorization profiles.

    • The :username parameter is required in the group query.

    Configure the User, that is, the realm/domain to which the user belongs.

Enter any Attribute Mappings required for the server and then map them to the usage profile you require and also set the account group. Click Add Mapping to configure the rules for the policy.