Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiPresence Cloud Administration Guide

    Home FortiPresence 22.4.0 FortiPresence Cloud Administration Guide
    22.4.0
    24.2.a
    24.1.a
    23.4.0
    23.3.0
    22.4.0

    External IDP Authentication

    External IDP Authentication

    FortiPresence supports integration of third-party Identity Provider (IDP) services to log-in for data analytics. This feature is useful for enterprises that need to secure their user credentials and hence provision FortiPresence access through their own IDP website. The external IDP initiated Security Assertion Markup Language (SAML) assertion consisting of specific IDP attributes is used by FortiCloud/FortiPresence to verify the user account details and grant required access. External IDP authentication is offered in conjunction with FortiCare and FortiAuthenticator. Contact the Fortinet Customer Support team to enable external IDP support and raise an enrollment request with the appropriate FortiCare accounts.

    Note: Support for SAML 2.0 and IDP initiated assertion response is required.

    After successful authentication on your IDP website, you are re-directed to the FortiCloud portal from where you access FortiPresence based on the configured roles. For more information, see FortiCloud documentation.

    Adding External IDP Roles

    Access the Identity & Access Management (IAM) service from the FortiCloud portal

    1. Navigate to Manage External IdP Roles and click Add IDP Role.
    2. Enter a unique Role Name and Description (optional).
      Note: The role name must exactly match the role attribute in the SAML assertion.
    3. Select an asset group from the Asset Permissions list.
    4. Configure the Effective Portal Permissions for the required portals. Click on the edit icon against the portal and update the following.

      Permission

      Description

      Allow Portal AccessToggle Yes to allow access to a portal.
      Access TypeSelect the Access Type that is defined by the selected portal. The allowed access types can vary for different portals.
      Additional Permisssion

      Allow Additional Permission based on the selected access type. The additional permission also varies for different portals.

    5. Configure the Cloud Management & Services permissions to enable access to FortiPresence. Click add (+) and select FortiPresence from the list.
    6. Click the edit icon and configure the required permissions for FortiPresence.
      • Toggle Yes to allow access to FortiPresence.
      • Select the required Access Type, Admin or Read-Only.

    7. Click Add Role.

    After the role is created, it is listed on the on the Manage External IdP Roles page. You can enable/disable or delete a created role. Select the role and click on the required option.

    Previous
    Next

    External IDP Authentication

    External IDP Authentication

    FortiPresence supports integration of third-party Identity Provider (IDP) services to log-in for data analytics. This feature is useful for enterprises that need to secure their user credentials and hence provision FortiPresence access through their own IDP website. The external IDP initiated Security Assertion Markup Language (SAML) assertion consisting of specific IDP attributes is used by FortiCloud/FortiPresence to verify the user account details and grant required access. External IDP authentication is offered in conjunction with FortiCare and FortiAuthenticator. Contact the Fortinet Customer Support team to enable external IDP support and raise an enrollment request with the appropriate FortiCare accounts.

    Note: Support for SAML 2.0 and IDP initiated assertion response is required.

    After successful authentication on your IDP website, you are re-directed to the FortiCloud portal from where you access FortiPresence based on the configured roles. For more information, see FortiCloud documentation.

    Adding External IDP Roles

    Access the Identity & Access Management (IAM) service from the FortiCloud portal

    1. Navigate to Manage External IdP Roles and click Add IDP Role.
    2. Enter a unique Role Name and Description (optional).
      Note: The role name must exactly match the role attribute in the SAML assertion.
    3. Select an asset group from the Asset Permissions list.
    4. Configure the Effective Portal Permissions for the required portals. Click on the edit icon against the portal and update the following.

      Permission

      Description

      Allow Portal AccessToggle Yes to allow access to a portal.
      Access TypeSelect the Access Type that is defined by the selected portal. The allowed access types can vary for different portals.
      Additional Permisssion

      Allow Additional Permission based on the selected access type. The additional permission also varies for different portals.

    5. Configure the Cloud Management & Services permissions to enable access to FortiPresence. Click add (+) and select FortiPresence from the list.
    6. Click the edit icon and configure the required permissions for FortiPresence.
      • Toggle Yes to allow access to FortiPresence.
      • Select the required Access Type, Admin or Read-Only.

    7. Click Add Role.

    After the role is created, it is listed on the on the Manage External IdP Roles page. You can enable/disable or delete a created role. Select the role and click on the required option.

    Previous
    Next