Fortinet black logo

Administration Guide

Remote authentication using FortiAuthenticator

Remote authentication using FortiAuthenticator

You need to set up both FortiAuthenticator and FortiPortal before you can use FortiAuthenticator for remote authentication.

Configuring FortiAuthenticator

Before using FortiAuthenticator for remote authentication, go to System > Messaging > SMTP Servers in FortiAuthenticator and make certain that the SMTP server is working. If the SMTP server is not working, configure a new SMTP server and then select it in System > Messaging > Email Services.

To configure FortiAuthenticator:
  1. Configure an administrator user or use the default admin user with a valid email address.
  2. Enable Web service access.


  3. Save the REST API key that you will receive by email.

Configuring FortiPortal

When you select Authentication Access > Remote, the remote server is set to FortiAuthenticator by default, and the system displays additional settings to configure.

If you change the authentication configuration from local to remote or from remote to local, you must restart FortiPortal.

The following table describes the remote authentication fields:

Settings

Guidelines

Allow Service Provider
Usernames without Domain

Enable or disable. If you enable this field, the user can enter the user ID without a domain qualifier, and the system will try to authenticate the user credentials in each of the domains until a match is found.

Remote Server

Select FortiAuthenticator.

Domains

The site administrator may allow administrative users to be defined in more than one domain.

Enter a domain and then select the + button. The new domain appears in the list below the entry box.

Remote Server IP Address

IP address of the authentication server

Remote Server Port

Port for the authentication server (default is 443)

Remote Server Key

Secret key for REST API requests

Remote Server User

(FortiAuthenticator only)

Administrator user name for the authentication server. This user must have sufficient permission to initiate REST API requests.

To configure FortiPortal:
  1. Go to Admin > Settings.
  2. For Authentication Access, select Remote.
  3. In the Remote Server drop-down menu, select FortiAuthenticator.
  4. In the Remote Server Key field, paste the REST API key that you received in email (see step 3 in “Configuring FortiAuthenticator”).
  5. In the Remote Server Port field, enter 443.
  6. In the Remote Server User field, enter the name of the admin user from step 1 of “Configuring FortiAuthenticator.”
  7. In the Domains field, add the domain for the administrator user. For example, if the administrator user is abc@test.com, add test.com in the Domains field.

  8. Select Save.

Remote authentication using FortiAuthenticator

You need to set up both FortiAuthenticator and FortiPortal before you can use FortiAuthenticator for remote authentication.

Configuring FortiAuthenticator

Before using FortiAuthenticator for remote authentication, go to System > Messaging > SMTP Servers in FortiAuthenticator and make certain that the SMTP server is working. If the SMTP server is not working, configure a new SMTP server and then select it in System > Messaging > Email Services.

To configure FortiAuthenticator:
  1. Configure an administrator user or use the default admin user with a valid email address.
  2. Enable Web service access.


  3. Save the REST API key that you will receive by email.

Configuring FortiPortal

When you select Authentication Access > Remote, the remote server is set to FortiAuthenticator by default, and the system displays additional settings to configure.

If you change the authentication configuration from local to remote or from remote to local, you must restart FortiPortal.

The following table describes the remote authentication fields:

Settings

Guidelines

Allow Service Provider
Usernames without Domain

Enable or disable. If you enable this field, the user can enter the user ID without a domain qualifier, and the system will try to authenticate the user credentials in each of the domains until a match is found.

Remote Server

Select FortiAuthenticator.

Domains

The site administrator may allow administrative users to be defined in more than one domain.

Enter a domain and then select the + button. The new domain appears in the list below the entry box.

Remote Server IP Address

IP address of the authentication server

Remote Server Port

Port for the authentication server (default is 443)

Remote Server Key

Secret key for REST API requests

Remote Server User

(FortiAuthenticator only)

Administrator user name for the authentication server. This user must have sufficient permission to initiate REST API requests.

To configure FortiPortal:
  1. Go to Admin > Settings.
  2. For Authentication Access, select Remote.
  3. In the Remote Server drop-down menu, select FortiAuthenticator.
  4. In the Remote Server Key field, paste the REST API key that you received in email (see step 3 in “Configuring FortiAuthenticator”).
  5. In the Remote Server Port field, enter 443.
  6. In the Remote Server User field, enter the name of the admin user from step 1 of “Configuring FortiAuthenticator.”
  7. In the Domains field, add the domain for the administrator user. For example, if the administrator user is abc@test.com, add test.com in the Domains field.

  8. Select Save.