User Guide

Set up SSO with Okta

24.2.0

Before getting started, see SSO Configuration to learn more about our general SSO settings.

Okta Configuration

In the main Dashboard of your Okta account, select Add Applications.

In the application catalog, click Create New App.

In the following dialog, leave Web selected and pick SAML 2.0 as the sign on method.

General Settings

In General Settings, provide, at minimum, a name.

SAML Configuration

The Single Sign On URL is built from the URL Fragment configured in your SSO configuration. It follows the format: https://fortimonitor.forticloud.com/sso/<url fragment>/acs

The Audience URI follows the same format as the Single Sign On URL, with acs replaced by metadata, such as https://fortimonitor.forticloud.com/sso/<url fragment>/metadata.

Lastly, because FortiMonitor uses the email address as the basis for identifying your user, set the Name ID format to EmailAddress and the Application username to email.

In the optional attribute statements, set the following three fields:

  • email as user.email

  • first_name as user.firstName

  • last_name as user.lastName

On the Feedback tab, check I'm an Okta customer adding an internal app.

You should be taken to a page detailing the FortiMonitor application you just created. Click View Setup instructions.

Use the data on this screen to complete the General section of your FortiMonitor SSO Configuration.

  • Identity Provider Single Sign-On URL is the Login URL

  • Identity Provider Issuer is the Entity ID

  • The certificate must be copied into the Certificate input, under the Certificates section

  • Login binding must be filled with urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

Lastly, assign any user you want to access the FortiMonitor app in Okta. Go to the assignment tab in the Application page and click Assign.

Search for the people you want to be able to log in to FortiMonitor.
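To confirm that the assertion Okta issues matches the settings above, the following added example (not part of the original guide, and not Fortinet or Okta code) checks a captured assertion against them. The fragment example-co, the sample assertion and the function names are constructed for illustration, and the Recipient check assumes Okta's default of using the Single Sign On URL as the Recipient URL.

```python
import xml.etree.ElementTree as ET

BASE = "https://fortimonitor.forticloud.com/sso"
NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"email", "first_name", "last_name"}

# Constructed sample (fragment "example-co"); last_name is deliberately missing.
SAMPLE = f"""<saml2:Assertion xmlns:saml2="{NS['a']}">
 <saml2:Subject>
  <saml2:NameID Format="{EMAIL_FMT}">alice@example.com</saml2:NameID>
  <saml2:SubjectConfirmation>
   <saml2:SubjectConfirmationData Recipient="{BASE}/example-co/acs"/>
  </saml2:SubjectConfirmation>
 </saml2:Subject>
 <saml2:Conditions><saml2:AudienceRestriction>
  <saml2:Audience>{BASE}/example-co/metadata</saml2:Audience>
 </saml2:AudienceRestriction></saml2:Conditions>
 <saml2:AttributeStatement>
  <saml2:Attribute Name="email"/><saml2:Attribute Name="first_name"/>
 </saml2:AttributeStatement>
</saml2:Assertion>"""

def expected_urls(fragment):
    """Single Sign On URL and Audience URI for a given URL Fragment."""
    return {"acs": f"{BASE}/{fragment}/acs",
            "audience": f"{BASE}/{fragment}/metadata"}

def check_assertion(xml_text, fragment):
    """List mismatches with the guide's settings. Layout check only:
    it does not verify the XML signature or the certificate."""
    want, root, problems = expected_urls(fragment), ET.fromstring(xml_text), []
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != want["acs"]:
        problems.append("Recipient does not match the Single Sign On URL")
    audiences = {a.text for a in root.findall(".//a:Audience", NS)}
    if want["audience"] not in audiences:
        problems.append("Audience does not match the Audience URI")
    names = {a.get("Name") for a in root.findall(".//a:Attribute", NS)}
    problems += [f"missing attribute statement: {n}"
                 for n in sorted(REQUIRED_ATTRS - names)]
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "example-co"))
```

An empty list means the NameID, Recipient, Audience and attribute statements all line up with the values configured in this guide.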
