Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 7.6.0 CLI Reference
    7.6.0
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    system saml

    system saml

    You can configure Fabric Connector to use Single Sign-On (SSO) to log in to FortiWeb with FortiGate's administrator accounts.

    Use this command to configure the single sign on options on FortiWeb. Before using this command, you need to first use config system csf to configure the Fabric Connector. For a complete guide, see Fabric Connector: Single Sign On with FortiGate.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system saml

    set status {enable | disable}

    set default-login-page

    set default-profile

    set idp-entity-id

    set idp-single-sign-on-url

    set idp-single-logout-url

    set server-address

    end

    Variable

    Description

    Default

    status {enable | disable}

    Enable or disable single sign on mode.

    When this is enabled, the Single Sign-On option will be available on the login page of FortiWeb.

    		 disable
    default-login-page

    • normal: When accessing to FortiWeb GUI, the login page has both Single Sign-On and Non Single Sign-On login options.

    • sso: When accessing to FortiWeb GUI, it would redirect to the SAML Single Sign-On login page. Non Single Sign-On login is not available. User can only log in with FortiGate administrator accounts

    		 normal
    default-profile

    Logging in to FortiWeb via FortiGate Fabric Single Sign-On does not share the same admin profile between FortiWeb and FortiGate. It requires specifying profiles to those FortiGate administrator accounts on FortiWeb.

    Choose the profiles you have created in config system accprofile. The selected profiles will be assigned to the FortiGate administrator accounts that are used to log in to FortiWeb via the SAML Single Sign-On.

    The following two default profiles are available as well as the customized profiles if any:

    • admin_no_access: users will be assigned with none access privilege.

    • prof_admin: this is FortiWeb's default profile for root admin.
    		 No default

    idp-entity-id

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    idp-single-sign-on-url

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    idp-single-logout-url

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    server-address

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    Related topics

    Previous
    Next

    system saml

    system saml

    You can configure Fabric Connector to use Single Sign-On (SSO) to log in to FortiWeb with FortiGate's administrator accounts.

    Use this command to configure the single sign on options on FortiWeb. Before using this command, you need to first use config system csf to configure the Fabric Connector. For a complete guide, see Fabric Connector: Single Sign On with FortiGate.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system saml

    set status {enable | disable}

    set default-login-page

    set default-profile

    set idp-entity-id

    set idp-single-sign-on-url

    set idp-single-logout-url

    set server-address

    end

    Variable

    Description

    Default

    status {enable | disable}

    Enable or disable single sign on mode.

    When this is enabled, the Single Sign-On option will be available on the login page of FortiWeb.

    		 disable
    default-login-page

    • normal: When accessing to FortiWeb GUI, the login page has both Single Sign-On and Non Single Sign-On login options.

    • sso: When accessing to FortiWeb GUI, it would redirect to the SAML Single Sign-On login page. Non Single Sign-On login is not available. User can only log in with FortiGate administrator accounts

    		 normal
    default-profile

    Logging in to FortiWeb via FortiGate Fabric Single Sign-On does not share the same admin profile between FortiWeb and FortiGate. It requires specifying profiles to those FortiGate administrator accounts on FortiWeb.

    Choose the profiles you have created in config system accprofile. The selected profiles will be assigned to the FortiGate administrator accounts that are used to log in to FortiWeb via the SAML Single Sign-On.

    The following two default profiles are available as well as the customized profiles if any:

    • admin_no_access: users will be assigned with none access privilege.

    • prof_admin: this is FortiWeb's default profile for root admin.
    		 No default

    idp-entity-id

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    idp-single-sign-on-url

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    idp-single-logout-url

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    server-address

    It's automatically synchronized from FortiGate if you have configured set configuration-sync enable in config system csf.

    No default

    Related topics

    Previous
    Next