SAML SSO overview

SAML SSO enables a single FortiGate device to act as the Identity Provider (IdP), while other FortiGate devices act as Service Providers (SP) and redirect logins to the IdP.

All administrators must be actively added to each SP. When an administrator first logs in to an SP, a temporary account is created with the no access profile assigned, and the device administrator must enable access for each account on each device.

Following is an overview of the process:

  1. Configuring a FortiGate as the IdP.
  2. Configuring FGT_B as an SP.
  3. Creating a new system administrator on the IdP (FGT_A).
  4. Logging in to FGT_B using SSO.
  5. Granting permissions to new SSO administrator accounts.
  6. Logging in to FGT_B again using SSO.

You can also use the CLI. See CLI commands for SAML SSO.
