FortiLAN Cloud User Guide

External IDP Authentication

FortiLAN Cloud supports integration with third-party Identity Provider (IDP) services for logging in and managing networks. This feature is useful for enterprises that need to keep user credentials within their own Identity Provider and therefore provision FortiLAN Cloud access through it. The IDP-initiated Security Assertion Markup Language (SAML) assertion, which carries specific IDP attributes, is used by FortiCloud/FortiLAN Cloud to verify the user account details and grant the required access.

External IDP authentication is offered in conjunction with FortiCare and FortiAuthenticator. Contact the Fortinet Customer Support team to enable external IDP support and raise an enrollment request with the appropriate FortiCare accounts. After the enrollment is complete, follow these setup procedures.

Note: Support for SAML 2.0 and IDP-initiated assertion responses is required.

  • Create an IDP with the SAML Service Provider Metadata. The following is an example, where {company} is the unique name of your organization.
    SP Entity ID: http://customersso1.fortinet.com/saml-idp/proxy/{company}/metadata/
    SP Login URL: https://customersso1.fortinet.com/saml-idp/proxy/{company}/saml/?acs
    Relay State:  https://customersso1.fortinet.com/saml-idp/proxy/{company}/login/
  • Configure the SAML assertions with the username and role attributes used for permission control in FortiCloud.
  • Provide specific information to Fortinet, such as the SAML metadata file, company name, contact information, and the Fortinet master account that the IDP requires to connect to.
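The following is an added example, not Fortinet's own code or a description of how FortiCloud implements its SP. It builds minimal SAML 2.0 SP metadata from the three values listed above for a company and then checks a constructed IDP-initiated SAML Response against that SP: the Destination must be the SP Login URL, the Audience must be the SP Entity ID, the assertion must be inside its validity window, and the username and role attributes must each be present exactly once. The company name "acme", the attribute names "username" and "role", the IdP issuer URL, the role value, and the metadata element choices (HTTP-POST binding, WantAssertionsSigned) are all assumptions for illustration; the sample Response is constructed. Signature verification is deliberately not performed here, since the real SP must do it before trusting any of these fields.

```python
# Added example (not Fortinet's code). Assumed: company "acme", attribute
# names "username"/"role", IdP issuer URL, HTTP-POST binding. Signature
# verification is left to the real SP and is NOT performed here.
from datetime import datetime
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
ET.register_namespace("md", NS["md"])


def sp_urls(company: str) -> dict:
    """The three SP values from the page, with {company} filled in."""
    base = f"customersso1.fortinet.com/saml-idp/proxy/{company}"
    return {
        "entity_id": f"http://{base}/metadata/",
        "acs": f"https://{base}/saml/?acs",        # SP Login URL
        "relay_state": f"https://{base}/login/",
    }


def build_sp_metadata(company: str) -> str:
    """Minimal SP metadata an IdP admin could import (binding and
    WantAssertionsSigned are this example's assumptions)."""
    urls = sp_urls(company)
    md = lambda tag: f"{{{NS['md']}}}{tag}"
    root = ET.Element(md("EntityDescriptor"), entityID=urls["entity_id"])
    sp = ET.SubElement(root, md("SPSSODescriptor"),
                       protocolSupportEnumeration=NS["samlp"],
                       WantAssertionsSigned="true")
    ET.SubElement(sp, md("AssertionConsumerService"),
                  Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
                  Location=urls["acs"], index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")


def _ts(value: str) -> datetime:
    # SAML timestamps are UTC with a trailing Z; fromisoformat wants +00:00
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_response(response_xml: str, company: str, now: str,
                   username_attr: str = "username", role_attr: str = "role") -> dict:
    """Check that an IDP-initiated Response is bound to this SP and extract
    the attributes FortiCloud maps to an account and a role."""
    urls = sp_urls(company)
    root = ET.fromstring(response_xml)
    # 1. Destination must be this company's SP Login URL (the ACS)
    if root.get("Destination") != urls["acs"]:
        return {"ok": False, "reason": "Destination is not the SP login URL"}
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {"ok": False, "reason": "no Assertion in Response"}
    # 2. Audience must be this company's SP Entity ID
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if urls["entity_id"] not in audiences:
        return {"ok": False, "reason": "Audience does not match SP Entity ID"}
    # 3. Validity window (NotBefore <= now < NotOnOrAfter)
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return {"ok": False, "reason": "Conditions lack a validity window"}
    if not (_ts(cond.get("NotBefore")) <= _ts(now) < _ts(cond.get("NotOnOrAfter"))):
        return {"ok": False, "reason": "assertion outside its validity window"}
    # 4. The two attributes used for permission control, each single-valued
    attrs = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    for name in (username_attr, role_attr):
        if len(attrs.get(name, [])) != 1:
            return {"ok": False, "reason": f"attribute {name!r} missing or multi-valued"}
    return {"ok": True, "username": attrs[username_attr][0], "role": attrs[role_attr][0]}


# Constructed sample Response for company "acme" (issuer and values assumed).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2024-05-01T12:00:00Z"
  Destination="https://customersso1.fortinet.com/saml-idp/proxy/acme/saml/?acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>http://customersso1.fortinet.com/saml-idp/proxy/acme/metadata/</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="role"><saml:AttributeValue>NetworkAdmin</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(build_sp_metadata("acme"))
    print(check_response(SAMPLE_RESPONSE, "acme", now="2024-05-01T12:00:30Z"))
```

Running the script prints the generated metadata and the extracted username and role; calling `check_response` with a different company name, or with a `now` outside the NotBefore/NotOnOrAfter window, returns a failure reason instead, which is the behaviour a relying party should show when an assertion was not issued for it.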

Configure external IDP roles in FortiCloud to allow the required access to FortiLAN Cloud. See Adding External IDP Roles. After successful authentication on your Identity Provider, you are redirected to the FortiCloud portal, from which you access FortiLAN Cloud according to the configured roles.

Adding External IDP Roles

Access the Identity & Access Management (IAM) service from the FortiCloud portal to add external IDP roles. See Adding external IdP roles.

Managing External IDP Roles

You can add and manage the external IDP roles from the FortiLAN Cloud GUI.

  • All existing IDP roles are listed on the Manage Account Access page.

    You can create, edit, and delete IDP roles from this page.
