Remote authentication using FortiAuthenticator
You need to set up both FortiAuthenticator and FortiPortal before you can use FortiAuthenticator for remote authentication.
Configuring FortiAuthenticator
Before using FortiAuthenticator for remote authentication, go to System > Messaging > SMTP Servers in FortiAuthenticator and make certain that the SMTP server is working. If the SMTP server is not working, configure a new SMTP server and then select it in System > Messaging > Email Services.
To configure FortiAuthenticator:
- Configure an administrator user or use the default
admin
user with a valid email address. - Enable Web service access.
- Save the REST API key that you will receive by email.
Configuring FortiPortal
When you select Authentication Access > Remote, the remote server is set to FortiAuthenticator by default, and the system displays additional settings to configure.
If you change the authentication configuration from local to remote or from remote to local, you must restart FortiPortal.
The following table describes the remote authentication fields:
Settings |
Guidelines |
---|---|
Allow Service Provider |
Enable or disable. If you enable this field, the user can enter the user ID without a domain qualifier, and the system will try to authenticate the user credentials in each of the domains until a match is found. |
Remote Server |
Select FortiAuthenticator. |
Domains |
The site administrator may allow administrative users to be defined in more than one domain. Enter a domain and then select the + button. The new domain appears in the list below the entry box. |
Remote Server IP Address |
IP address of the authentication server |
Remote Server Port |
Port for the authentication server (default is 443) |
Remote Server Key |
Secret key for REST API requests |
Remote Server User (FortiAuthenticator only) |
Administrator user name for the authentication server. This user must have sufficient permission to initiate REST API requests. |
To configure FortiPortal:
- Go to Admin > Settings.
- For Authentication Access, select Remote.
- In the Remote Server drop-down menu, select FortiAuthenticator.
- In the Remote Server Key field, paste the REST API key that you received in email (see step 3 in “Configuring FortiAuthenticator”).
- In the Remote Server Port field, enter
443
. - In the Remote Server User field, enter the name of the admin user from step 1 of “Configuring FortiAuthenticator.”
- In the Domains field, add the domain for the administrator user. For example, if the administrator user is
abc@test.com
, addtest.com
in the Domains field. - Select Save.