Licensing for accounts with FortiSASE licenses
FortiIdentity Cloud provides special licensing treatment for accounts with FortiSASE licenses in terms of user quota and authentication capabilities.
Accounts with FortiSASE license and no FIC license
For accounts with FortiSASE licenses, FortiIdentity Cloud automatically doubles the FortiSASE license user quota in the FortiIdentity Cloud portal when the administrator logs into the Portal for the first time. For instance, if you have a 50-user FortiSASE license, your FIC user quota will be 100. The quota can only be used to add passthrough users when FIC is configured as the IdP proxy for FortiSASE with the Passthrough option enabled in the associated FIC application. These users are automatically tagged with the FortiSASE service by FortiIdentity Cloud when utilized by FortiSASE applications.
With only a FortiSASE license associated with the account, FortiSASE SSO applications can have only one IdP user source.
|
Passthrough users are treated as temporary users in FortiIdentity Cloud treats. Any passthrough user that has been inactive for 30 consecutive days is automatically deleted by FortiIdentity cloud. Upon deletion, the associated user quota becomes available for future passthrough users. |
Accounts with both FortiSASE and FIC Licenses
Account with FortiSASE license along with a paid FIC license can add multiple IdP user sources for FortiSASE SSO applications. For each passthrough user added in FIC after successful authentication, 0.05 user quota will be deducted from the total user quota that the FIC license supports. FIC quota consumption is restored when the number of user sources is reduced to one.
License | Number of user source for FortiSASE SSO app | FortiSASE user quota consumption per passthrough user using FortiSASE SSO app | FIC license quota consumption per passthrough user using FortiSASE SSO app |
|---|---|---|---|
FortiSASE only | 1 | 1 | 0 |
FortiSASE + FIC | >1 | 1 | 0.05 |