Remote authentication: RADIUS

Configure the following in the RADIUS server:

Add the following vendor-specific attributes to the Fortinet dictionary file:

Fortinet-Fpc-User-Role

Fortinet-Fpc-Tenant-Identification

For example, if you are using FreeRADIUS:

#
#       Fortinet's VSAs
#

VENDOR        Fortinet                        12356

BEGIN-VENDOR  Fortinet
ATTRIBUTE     Fortinet-Group-Name                  1  string
ATTRIBUTE     Fortinet-Client-IP-Address           2  ipaddr
ATTRIBUTE     Fortinet-Vdom-Name                   3  string
ATTRIBUTE     Fortinet-Client-IPv6-Address         4  octets
ATTRIBUTE     Fortinet-Interface-Name              5  string
ATTRIBUTE     Fortinet-Access-Profile              6  string
ATTRIBUTE     Fortinet-Fpc-User-Role               40 string ###add this
ATTRIBUTE     Fortinet-Fpc-Tenant-Identification   41 string ###add this

#
# Integer Translations
#

END-VENDOR Fortinet

To configure FortiPortal roles in the RADIUS server, use the following vendor-specific attribute. You can specify multiple roles by using comma-separated values:
VENDORATTR 12356 Fortinet-Fpc-User-Role 40 string
A user will not be able to login to FortiPortal if the roles are not configured on the RADIUS server.
To configure which sites will use RADIUS authentication, use the following vendor-specific attribute. You can specify multiple sites by using comma-separated values. If no sites are specified, users have access to all sites.
VENDORATTR 12356 Fortinet-Fpc-Tenant-User-Sites 42 string
Specify the customer identification, which is used to map a particular user to a customer profile. The RADIUS server will send one of the domain names specified in the Domains field of the customer settings, in the value of the new VSA.
VENDORATTR Fortinet-Fpc-Tenant-Identification 41 string

Remote authentication: RADIUS

Configure the following in the RADIUS server:

Add the following vendor-specific attributes to the Fortinet dictionary file:

Fortinet-Fpc-User-Role

Fortinet-Fpc-Tenant-Identification

For example, if you are using FreeRADIUS:

#
#       Fortinet's VSAs
#

VENDOR        Fortinet                        12356

BEGIN-VENDOR  Fortinet
ATTRIBUTE     Fortinet-Group-Name                  1  string
ATTRIBUTE     Fortinet-Client-IP-Address           2  ipaddr
ATTRIBUTE     Fortinet-Vdom-Name                   3  string
ATTRIBUTE     Fortinet-Client-IPv6-Address         4  octets
ATTRIBUTE     Fortinet-Interface-Name              5  string
ATTRIBUTE     Fortinet-Access-Profile              6  string
ATTRIBUTE     Fortinet-Fpc-User-Role               40 string ###add this
ATTRIBUTE     Fortinet-Fpc-Tenant-Identification   41 string ###add this

#
# Integer Translations
#

END-VENDOR Fortinet

To configure FortiPortal roles in the RADIUS server, use the following vendor-specific attribute. You can specify multiple roles by using comma-separated values:
VENDORATTR 12356 Fortinet-Fpc-User-Role 40 string
A user will not be able to login to FortiPortal if the roles are not configured on the RADIUS server.
To configure which sites will use RADIUS authentication, use the following vendor-specific attribute. You can specify multiple sites by using comma-separated values. If no sites are specified, users have access to all sites.
VENDORATTR 12356 Fortinet-Fpc-Tenant-User-Sites 42 string
Specify the customer identification, which is used to map a particular user to a customer profile. The RADIUS server will send one of the domain names specified in the Domains field of the customer settings, in the value of the new VSA.
VENDORATTR Fortinet-Fpc-Tenant-Identification 41 string

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Administration Guide

Remote authentication: RADIUS

Remote authentication: RADIUS

Configure the following in the RADIUS server:

Remote authentication: RADIUS

Remote authentication: RADIUS

Configure the following in the RADIUS server: