Document
Library

Administration Guide

What's new in FortiSRA
- FortiSRA 1.4.1
Introduction
- FortiSRA concepts
- Organization of the guide
- Using the GUI
  - Banner
  - Tables
- Modes of operation
- FortiSRA deployment options
- Feature availability
FortiSRA installation
- FortiSRA appliance setup
- FortiSRA with TPM
- Connecting to target remote systems
Licensing
- License expiry and renewal
- Renewing FortiSRA-VM license
Dashboard
- Adding a custom dashboard
- System information widget
- Licenses widget
  - FortiGuard Distribution Network
- VM license
Secrets
- Secrets
- Targets
  - Creating a target
  - Web proxy
- Gateway
- Personal/public folder
  - Creating a folder
- My requests list
  - Make a request
- Approval list
  - Approving a request
  - Reviewing multiple requests
- Job list
  - Creating a job
- Discovery
  - Creating discovery entry
Secret settings
- Classification tags
  - Creating a classification tag
- Templates
  - Creating secret templates
- Launchers
  - Launch session monitor
- Policies
  - Creating a policy
    - Applying a policy to a folder
- Addresses
  - Creating an address
  - Creating an address group
- Dependency updater
  - Creating a dependency updater
  - Updating a service account credential Example
- Approval flow
  - Approval profile
    - Enabling approval profiles for a secret
    - Create an approval profile
- Approval email template
  - Creating an approval email template
  - Creating an approval email template using the CLI
- Password changers
  - Creating a password changer
    - Automatic password changing
    - Automatic password verification
- Password policies
  - Creating a password policy
    - Applying a password policy to a secret template
- Character sets
  - Creating a character set
- AntiVirus
  - Creating an antivirus profile
    - Enabling antivirus scan in a secret
- Data loss prevention (DLP) protection for secrets
  - Supported file types
- DLP file pattern
- SSH filter profiles
  - Creating an SSH filter
    - Adding SSH filter to secret
    - Example SSH filter profiles example
- Event filter profile
  - Creating an event filter profile
- Window app filter
  - Creating a Windows app filter profile
User management
- User list
  - Creating a user
  - Importing LDAP users
- User groups
  - Auto provision rules
- Sponsored groups
- Role
  - Access control options
  - Log permissions
- LDAP servers
- SAML Single Sign-On (SSO)
- Auto provision rules
  - Creating an auto provision rule
  - Setting up remote user auto provisioning using the CLI
- RADIUS servers
- Schedule
- FortiTokens
Monitoring
- User monitor
- Active sessions
  - Over-the-shoulder monitoring (Live recording)
Log & report
- Secret
- Events
- SSH
- Antivirus
- Date leak prevention
- Disk usage
- Automation
- Reports
  - General
    - Reports
    - Layout & schedule
  - Secret audit
- Log settings
  - Configuring log and video disk encryption
- Email alert settings
  - Email alert when the glass breaking mode is activated example
- Debug settings
- Automation trigger settings
Network
- Interfaces
  - Editing an interface
- Static routes
  - Creating an IPv4 static route
- DNS settings
- Security fabric
  - Fabric Connectors
    - FortiAnalyzer logging
- Packet capture
  - Creating a packet capture filter
System
- Settings
  - Testing the email service connection example
  - How FortiSRA chooses the sender email address
- High availability
- Certificates
- Replacement messages
  - Replacement messages descriptions
  - Editing a replacement message
    - Managing images
      - Adding an image
- SNMP
- Backup
  - Sending backup file to a server Example
  - Backing up/restoring log and video files using FTP CLI
- Firmware
- FortiSRA license
- FortiGuard license
- Concurrent user sessions
- Disclaimers via the CLI
Troubleshooting
- Troubleshoot using trace files
  - Example troubleshooting example
- FortiSRA HTTP filter
- Issue: WebRDP session recording fails and closes active session
- Troubleshooting log and video disk encryption issues
- Troubleshooting Windows application filter
Hardening
- Secure password storage
- Verify the private-data-encryption feature Example
- How to restore a backup configuration file with private-data-encryption enabled Example
- Enabling private-data-encryption on an HA cluster Example
Appendix A: Installation on KVM
Appendix B: Installation on VMware
Appendix C: Installing vTPM package on KVM and adding vTPM to FortiSRA-VM
Appendix D: vTPM for FortiSRA on VMware
Appendix E: Enabling soft RAID on KVM or VMware
Appendix F: Installation on Hyper-V
Appendix G: WinRM configuration for Windows server
Appendix H: How to find a selector Example
Appendix I: How to input the authentication path Example
Change Log

Home FortiSRA 1.4.1 Administration Guide

1.4.1

Appendix I: How to input the authentication path Example

Appendix I: How to input the authentication path Example

A login URL can be long. Usually, the URL is composed of:

Scheme: The protocol used to access the resource, e.g., https:// or http://.
Host: The IP address or the domain name of the server.
Path: The location of the resource on the server.
Other parameters: Additional information such as query parameters to the server about the request.
They are separated from the path by ?.

Example 1

When accessing the FortiSRA GUI by entering the login IP address, e.g., https://192.168.1.99 in the web browser address bar and hitting enter, the full URL shown in the browser is https://192.168.1.99/remote/login?lang=en.

You can specify /remote/login as the auth-path.

Example 2

For the Microsoft Azure portal, you can configure the auth-path as /organizations/oauth2/v2.0/authorize while the full authentication URL is https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fportal.azure.com%2Fsignin%2Findex%2F&response_type=code%20id_token&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&state=OpenIdConnect....

Previous

Next

Appendix I: How to input the authentication path Example

Appendix I: How to input the authentication path Example

A login URL can be long. Usually, the URL is composed of:

Scheme: The protocol used to access the resource, e.g., https:// or http://.
Host: The IP address or the domain name of the server.
Path: The location of the resource on the server.
Other parameters: Additional information such as query parameters to the server about the request.
They are separated from the path by ?.

Example 1

When accessing the FortiSRA GUI by entering the login IP address, e.g., https://192.168.1.99 in the web browser address bar and hitting enter, the full URL shown in the browser is https://192.168.1.99/remote/login?lang=en.

You can specify /remote/login as the auth-path.

Example 2

For the Microsoft Azure portal, you can configure the auth-path as /organizations/oauth2/v2.0/authorize while the full authentication URL is https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fportal.azure.com%2Fsignin%2Findex%2F&response_type=code%20id_token&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&state=OpenIdConnect....

Previous

Next