Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiPortal 5.3.6 Administration Guide
    5.3.6
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Remote authentication using FortiAuthenticator

    Remote authentication using FortiAuthenticator

    You need to set up both FortiAuthenticator and FortiPortal before you can use FortiAuthenticator for remote authentication.

    Configuring FortiAuthenticator

    Before using FortiAuthenticator for remote authentication, go to System > Messaging > SMTP Servers in FortiAuthenticator and make certain that the SMTP server is working. If the SMTP server is not working, configure a new SMTP server and then select it in System > Messaging > Email Services.

    To configure FortiAuthenticator:
    1. Configure an administrator user or use the default admin user with a valid email address.
    2. Enable Web service access.


    3. Save the REST API key that you will receive by email.

    Configuring FortiPortal

    When you select Authentication Access > Remote, the remote server is set to FortiAuthenticator by default, and the system displays additional settings to configure.

    If you change the authentication configuration from local to remote or from remote to local, you must restart FortiPortal.

    The following table describes the remote authentication fields:

    Settings

    Guidelines

    Remote Server

    Select FortiAuthenticator.

    Allow Service Provider
    Usernames without Domain

    Enable or disable. If you enable this field, the user can enter the user ID without a domain qualifier, and the system will try to authenticate the user credentials in each of the domains until a match is found.

    Remote Server Key

    Secret key for REST API requests

    Remote Server IP Address

    IP address of the authentication server

    Remote Server Port

    Port for the authentication server (default is 443)

    Remote Server User
    (FortiAuthenticator only)

    Administrator user name for the authentication server. This user must have sufficient permission to initiate REST API requests.

    Domains

    The site administrator may allow administrative users to be defined in more than one domain.
    Enter a domain and then select the + button. The new domain appears in the list below the entry box.

    To configure FortiPortal:
    1. Go to Admin > Settings.
    2. For Authentication Access, select Remote.
    3. In the Remote Server drop-down menu, select FortiAuthenticator.
    4. In the Remote Server Key field, paste the REST API key that you received in email (see step 3 in “Configuring FortiAuthenticator”).
    5. In the Remote Server Port field, enter 443.
    6. In the Remote Server User field, enter the name of the admin user from step 1 of “Configuring FortiAuthenticator.”
    7. In the Domains field, add the domain for the administrator user. For example, if the administrator user is abc@test.com, add test.com in the Domains field.


    8. Select Save.
    Previous
    Next

    Remote authentication using FortiAuthenticator

    Remote authentication using FortiAuthenticator

    You need to set up both FortiAuthenticator and FortiPortal before you can use FortiAuthenticator for remote authentication.

    Configuring FortiAuthenticator

    Before using FortiAuthenticator for remote authentication, go to System > Messaging > SMTP Servers in FortiAuthenticator and make certain that the SMTP server is working. If the SMTP server is not working, configure a new SMTP server and then select it in System > Messaging > Email Services.

    To configure FortiAuthenticator:
    1. Configure an administrator user or use the default admin user with a valid email address.
    2. Enable Web service access.


    3. Save the REST API key that you will receive by email.

    Configuring FortiPortal

    When you select Authentication Access > Remote, the remote server is set to FortiAuthenticator by default, and the system displays additional settings to configure.

    If you change the authentication configuration from local to remote or from remote to local, you must restart FortiPortal.

    The following table describes the remote authentication fields:

    Settings

    Guidelines

    Remote Server

    Select FortiAuthenticator.

    Allow Service Provider
    Usernames without Domain

    Enable or disable. If you enable this field, the user can enter the user ID without a domain qualifier, and the system will try to authenticate the user credentials in each of the domains until a match is found.

    Remote Server Key

    Secret key for REST API requests

    Remote Server IP Address

    IP address of the authentication server

    Remote Server Port

    Port for the authentication server (default is 443)

    Remote Server User
    (FortiAuthenticator only)

    Administrator user name for the authentication server. This user must have sufficient permission to initiate REST API requests.

    Domains

    The site administrator may allow administrative users to be defined in more than one domain.
    Enter a domain and then select the + button. The new domain appears in the list below the entry box.

    To configure FortiPortal:
    1. Go to Admin > Settings.
    2. For Authentication Access, select Remote.
    3. In the Remote Server drop-down menu, select FortiAuthenticator.
    4. In the Remote Server Key field, paste the REST API key that you received in email (see step 3 in “Configuring FortiAuthenticator”).
    5. In the Remote Server Port field, enter 443.
    6. In the Remote Server User field, enter the name of the admin user from step 1 of “Configuring FortiAuthenticator.”
    7. In the Domains field, add the domain for the administrator user. For example, if the administrator user is abc@test.com, add test.com in the Domains field.


    8. Select Save.
    Previous
    Next