DOCUMENT LIBRARY

Examples

Introduction
FortiToken and FortiToken Mobile
- 2FA with FortiToken Mobile
RADIUS authentication
- 2FA on FortiPAM for RADIUS users using FortiAuthenticator
SAML authentication
- 2FA on FortiPAM for SAML users using FortiAuthenticator
ZTNA
- ZTNA endpoint control on FortiPAM
Secret configurations
Audit
- Sponsored administrator audits secret activities
Web proxy
- Configuring the web proxy feature to prevent web credentials from leaking
RDP log retrieval
- RDP log retrieving on FortiPAM
Gateway
SSH filter profiles
- Configuring an SSH filter profile on FortiPAM to restrict SSH access to secret servers
  - Configuring SSH filter profiles in the CLI
  - Configuring SSH filter profiles using the GUI
Automation
- Using default automation stitch- Secret Credential View
  - Using the Secret Credential View automation stitch
  - Results
- Customizing an automation stitch
Windows application filter
- Creating a Windows application filter to prevent running executables
- Creating a non-Windows application filter to prevent running executables
  - Creating a target with server information as non-Windows
  - Creating a non-privilged secret
Web launcher
- Using web launcher to auto fill credentials on a website
Log and video disks
- Back up and restore your log and video files
Certificate management
- Configuring certificate using the ACME protocol to access a FortiPAM instance
  - Creating a certificate
  - Configuring the FortiPAM SSL certificate
Change Log

Home FortiPAM 1.4.0 Examples

1.4.0

Configuring FortiPAM as an SP

To configure FortiPAM as an SP:

Go to User Management > Saml Single Sign-On.

In the Configure Service Provider tab, keep the default values.

Ensure that the FortiAuthenticator IdP uses the same configuration as in Configure Service Provider tab in SP Metadata when Configuring FortiAuthenticator as a SAML IdP:

FortiPAM	FortiAuthenticator
Entity ID	SP entity ID
Single Logout Service (SLS) URL	SP SLS (logout) URL
Portal (Sign On) URL	SP ACS (login) URL

Click Next.
In the Configure Identity Provider tab:
1. In Type, select Custom.
2. In IdP entity ID, enter the FortiAuthenticator IdP entity ID.
3. In IdP single sign-on URL, enter the FortiAuthenticator IdP login URL.
4. In IdP single logout URL, enter the FortiAuthenticator IdP logout URL.
  IdP entity ID, IdP single sign-on URL, and IdP single logout URL were initially configured in Configuring FortiAuthenticator as a SAML IdP.
5. In the IdP Certificate dropdown, select the remote certificate imported in Importing FortiAuthenticator certificate to FortiPAM.
6. Click Next.
In the Additional Saml Attributes tab:
1. In Attribute used to identify users, enter username.
2. In Attribute used to identify groups, enter group.
  These attributes are the same as those configured in the Assertion Attributes pane when Configuring FortiAuthenticator as a SAML IdP.
Click Next.
In the Review tab, verify the information you entered and click Submit.

Configuring FortiPAM as an SP

To configure FortiPAM as an SP:

Go to User Management > Saml Single Sign-On.

In the Configure Service Provider tab, keep the default values.

Ensure that the FortiAuthenticator IdP uses the same configuration as in Configure Service Provider tab in SP Metadata when Configuring FortiAuthenticator as a SAML IdP:

FortiPAM	FortiAuthenticator
Entity ID	SP entity ID
Single Logout Service (SLS) URL	SP SLS (logout) URL
Portal (Sign On) URL	SP ACS (login) URL

Click Next.
In the Configure Identity Provider tab:
1. In Type, select Custom.
2. In IdP entity ID, enter the FortiAuthenticator IdP entity ID.
3. In IdP single sign-on URL, enter the FortiAuthenticator IdP login URL.
4. In IdP single logout URL, enter the FortiAuthenticator IdP logout URL.
  IdP entity ID, IdP single sign-on URL, and IdP single logout URL were initially configured in Configuring FortiAuthenticator as a SAML IdP.
5. In the IdP Certificate dropdown, select the remote certificate imported in Importing FortiAuthenticator certificate to FortiPAM.
6. Click Next.
In the Additional Saml Attributes tab:
1. In Attribute used to identify users, enter username.
2. In Attribute used to identify groups, enter group.
  These attributes are the same as those configured in the Assertion Attributes pane when Configuring FortiAuthenticator as a SAML IdP.
Click Next.
In the Review tab, verify the information you entered and click Submit.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Examples

Configuring FortiPAM as an SP

Configuring FortiPAM as an SP

To configure FortiPAM as an SP:

Configuring FortiPAM as an SP

Configuring FortiPAM as an SP

To configure FortiPAM as an SP: