
Admin Guide

Demo: Configure FortiAuthenticator as SCIM client

Tooltip
  • This demo is conducted using FortiAuthenticator VM v6.6.1, Build 1660 (GA) release.

  • For more information about FortiAuthenticator, visit https://docs.fortinet.com/document/fortiauthenticator/6.6.0/administration-guide/684814/service-providers.

Configure the SCIM service provider

  1. From the main menu, click Authentication > SCIM > Service Provider > Create New. The Create New SCIM Service Provider page opens.

  2. Make the entries and/or selections as described in the following table, and click Save.

Edit Service Provider

| Parameter | Description |
| --- | --- |
| Name | Enter the name of the SCIM service provider (SP). |
| SCIM endpoint | Enter the SCIM SP IP address. |
| Access token | Enter the SCIM SP access token. |

Users/Groups To Synchronize

| Parameter | Description |
| --- | --- |
| Remote auth. server | From the drop-down, select a remote authentication server (LDAP, RADIUS, or SAML) or select local users. |

Synchronization set

Select from the following two options to synchronize users/groups:

  • All users/groups (default)

  • Custom (Note: If selected, you must select the user groups from the Available Groups list and move them to the Chosen Groups list. Only the selected user groups and their members are synced. For remote LDAP servers, only groups with the list of users are included. These are groups without an LDAP filter.)

User Attributes Mapping

| Parameter | Description |
| --- | --- |
| User name | Enter the user name. The default value is userName. |
| First name | Enter the user's first name. The default value is name.givenName. |
| Last name | Enter the user's last name. The default value is name.familyName. |
| Email | Enter the user's email address. The default value is emails[type eq "work"].value. |
| Phone number | Enter the user's phone number. |
| Mobile number | Enter the user's mobile number. The default value is phoneNumbers[type eq "mobile"].value. |
| User display name | Enter the user's display name. The default value is displayName. |
| Company | Enter the user's company name. The default value is organization. |
| Department | Enter the user's department. The default value is department. |
| Title | Enter the user's title. The default value is title. |
| Active | Enter the user status. The default value is active. |

Custom fields configured in Authentication > User Account Policies > Custom User Fields.

Group Attributes Mapping

| Parameter | Description |
| --- | --- |
| Group display name | Enter the group's display name. The default value is displayName. |
| Group members | Enter the group's members. The default value is members. |
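
The default values in the User Attributes Mapping table are SCIM attribute paths. The following added example (not FortiAuthenticator code, and not from the original guide) shows how such paths address fields in a SCIM core User resource, so you can review which attributes a given mapping would place in the record sent to the SP. The local field names, the helper functions, and the sample user are assumptions made for this illustration.

```python
import re

# Default SCIM paths from the User Attributes Mapping table; the local field
# names on the left are hypothetical, chosen for this example only.
DEFAULT_MAPPING = {
    "username": "userName",
    "first_name": "name.givenName",
    "last_name": "name.familyName",
    "email": 'emails[type eq "work"].value',
    "mobile": 'phoneNumbers[type eq "mobile"].value',
    "display_name": "displayName",
    "title": "title",
    "active": "active",
}
# One path segment: an attribute name plus an optional [sub eq "value"] filter.
SEGMENT = re.compile(r'^(\w+)(?:\[(\w+)\s+eq\s+"([^"]*)"\])?$')


def set_path(resource, path, value):
    """Write value into a SCIM resource dict at the given attribute path."""
    node, segments = resource, path.split(".")
    for i, seg in enumerate(segments):
        m = SEGMENT.match(seg)
        last = i == len(segments) - 1
        if m is None or (m.group(2) and last):
            raise ValueError(f"unsupported SCIM path: {path!r}")
        attr, f_key, f_val = m.groups()
        if f_key:
            # Multi-valued attribute: reuse or create the entry the filter selects.
            items = node.setdefault(attr, [])
            node = next((e for e in items if e.get(f_key) == f_val), None)
            if node is None:
                node = {f_key: f_val}
                items.append(node)
        elif last:
            node[attr] = value
        else:
            node = node.setdefault(attr, {})


def build_scim_user(local_user, mapping=DEFAULT_MAPPING):
    """Build the SCIM User resource a mapping produces; empty fields are omitted."""
    resource = {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"]}
    for field, path in mapping.items():
        if local_user.get(field) not in (None, ""):
            set_path(resource, path, local_user[field])
    return resource


SAMPLE_USER = {  # constructed record, not real data
    "username": "jdoe", "first_name": "Jane", "last_name": "Doe",
    "email": "jdoe@example.com", "mobile": "", "display_name": "Jane Doe",
    "title": "Analyst", "active": True,
}
```

Calling build_scim_user(SAMPLE_USER) returns a dictionary whose emails list holds one entry of type work and which has no phoneNumbers key, because the sample mobile number is empty.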

Sync users/groups to FortiToken Cloud

  1. From the main menu, click Authentication > SCIM > Service Provider.

  2. Select the check box for the SCIM service provider that you've just created.

  3. Click Edit to open the Edit SCIM Service Provider page.

  4. Click Sync.

Add a local user

  1. From the main menu, click Authentication > User Management > Local Users > Create New.

  2. Make the required entries and selection as shown in the following screenshot.

  3. Click Save.

Note

The user that you have just created is now added to FortiAuthenticator and FTC (the SCIM server).

  1. Select the check box for the user of interest, and click Delete.

  2. Click Yes I'm sure in the confirmation prompt.

    Note

    The selected user is now removed from both FortiAuthenticator and FTC.
