Fortinet black logo

Administration Guide

Authentication

Copy Link
Copy Doc ID 1ce38eeb-8119-11eb-9995-00505692583a:858820
Download PDF

Authentication

Authentication groups together options to configure the connection to authenticate using a Google account, to configure an LDAP directory to authenticate users, to configure RADIUS servers to authenticate users, and to configure a list of local domains for your local network users.

Enabling authentication allows the Administrator to determine whether or not hosts connecting to the network will be forced to authenticate. Hosts can be forced to reauthenticate after a specified period of time.

Once a host is registered the host connecting via a wired connection may or may not have to authenticate depending on what port is being used. Hosts connecting via a wireless connection will be forced to authenticate if an authentication VLAN has been established. See Wireless integration for more information.

Switches used in the forced authentication process must have a value entered for the authentication VLAN in the model configuration. The ports on these switches must be added to the forced authentication group. See Groups view for details on adding ports to a group.

Options

Option

Definition

Google

Use Google to configure the connection to authenticate using a Google account.

See Google authentication.

LDAP

Use LDAP to configure the connection to one or more authentication directories. Data from the directory populates the FortiNAC database with demographic data for registered users.

See Directories.

RADIUS

Use RADIUS to configure the connection to one or more RADIUS servers for authentication.

See RADIUS.

Roaming Guests

Use roaming guests to configure a list of local domains for your local network users. Users who connect and attempt to authenticate with a fully qualified domain name that is not on this list are treated as roaming guests. Applies only to wireless 802.1x connections.

See Roaming guests.

Authentication

Authentication groups together options to configure the connection to authenticate using a Google account, to configure an LDAP directory to authenticate users, to configure RADIUS servers to authenticate users, and to configure a list of local domains for your local network users.

Enabling authentication allows the Administrator to determine whether or not hosts connecting to the network will be forced to authenticate. Hosts can be forced to reauthenticate after a specified period of time.

Once a host is registered the host connecting via a wired connection may or may not have to authenticate depending on what port is being used. Hosts connecting via a wireless connection will be forced to authenticate if an authentication VLAN has been established. See Wireless integration for more information.

Switches used in the forced authentication process must have a value entered for the authentication VLAN in the model configuration. The ports on these switches must be added to the forced authentication group. See Groups view for details on adding ports to a group.

Options

Option

Definition

Google

Use Google to configure the connection to authenticate using a Google account.

See Google authentication.

LDAP

Use LDAP to configure the connection to one or more authentication directories. Data from the directory populates the FortiNAC database with demographic data for registered users.

See Directories.

RADIUS

Use RADIUS to configure the connection to one or more RADIUS servers for authentication.

See RADIUS.

Roaming Guests

Use roaming guests to configure a list of local domains for your local network users. Users who connect and attempt to authenticate with a fully qualified domain name that is not on this list are treated as roaming guests. Applies only to wireless 802.1x connections.

See Roaming guests.