Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Examples

    Home FortiPAM 1.2.0 Examples
    1.2.0
    1.4.0
    1.3.0
    1.2.0
    1.1.0
    1.0.0

    Configuring FortiPAM as an SP

    Configuring FortiPAM as an SP

    To configure FortiPAM as an SP:
    1. Go to User Management > Saml Single Sign-On.
    2. In the Configure Service Provider tab, keep the default values.

      Ensure that the FortiAuthenticator IdP uses the same configuration as in Configure Service Provider tab in SP Metadata when Configuring FortiAuthenticator as a SAML IdP:

      FortiPAM

      FortiAuthenticator

      Entity ID

      SP entity ID

      Single Logout Service (SLS) URL

      SP SLS (logout) URL

      Portal (Sign On) URL

      SP ACS (login) URL

    3. Click Next.
    4. In the Configure Identity Provider tab:
      1. In Type, select Custom.
      2. In IdP entity ID, enter the FortiAuthenticator IdP entity ID.
      3. In IdP single sign-on URL, enter the FortiAuthenticator IdP login URL.
      4. In IdP single logout URL, enter the FortiAuthenticator IdP logout URL.

        IdP entity ID, IdP single sign-on URL, and IdP single logout URL were initially configured in Configuring FortiAuthenticator as a SAML IdP.

      5. In the IdP Certificate dropdown, select the remote certificate imported in Importing FortiAuthenticator certificate to FortiPAM.
      6. Click Next.
    5. In the Additional Saml Attributes tab:
      1. In Attribute used to identify users, enter username.
      2. In Attribute used to identify groups, enter group.

        These attributes are the same as those configured in the Assertion Attributes pane when Configuring FortiAuthenticator as a SAML IdP.

    6. Click Next.
    7. In the Review tab, verify the information you entered and click Submit.

    Previous
    Next

    Configuring FortiPAM as an SP

    Configuring FortiPAM as an SP

    To configure FortiPAM as an SP:
    1. Go to User Management > Saml Single Sign-On.
    2. In the Configure Service Provider tab, keep the default values.

      Ensure that the FortiAuthenticator IdP uses the same configuration as in Configure Service Provider tab in SP Metadata when Configuring FortiAuthenticator as a SAML IdP:

      FortiPAM

      FortiAuthenticator

      Entity ID

      SP entity ID

      Single Logout Service (SLS) URL

      SP SLS (logout) URL

      Portal (Sign On) URL

      SP ACS (login) URL

    3. Click Next.
    4. In the Configure Identity Provider tab:
      1. In Type, select Custom.
      2. In IdP entity ID, enter the FortiAuthenticator IdP entity ID.
      3. In IdP single sign-on URL, enter the FortiAuthenticator IdP login URL.
      4. In IdP single logout URL, enter the FortiAuthenticator IdP logout URL.

        IdP entity ID, IdP single sign-on URL, and IdP single logout URL were initially configured in Configuring FortiAuthenticator as a SAML IdP.

      5. In the IdP Certificate dropdown, select the remote certificate imported in Importing FortiAuthenticator certificate to FortiPAM.
      6. Click Next.
    5. In the Additional Saml Attributes tab:
      1. In Attribute used to identify users, enter username.
      2. In Attribute used to identify groups, enter group.

        These attributes are the same as those configured in the Assertion Attributes pane when Configuring FortiAuthenticator as a SAML IdP.

    6. Click Next.
    7. In the Review tab, verify the information you entered and click Submit.

    Previous
    Next