Creating a Service Provider in FortiAuthenticator
Perform the following steps to create a new service provider in FortiAuthenticator.
- Log in to the FortiAuthenticator portal.
- Navigate to Authentication > SAML IdP > Service Providers.
- Click +Create New.
- Configure the following in the Create New SAML Service Provider page:
  - Enter the FortiGuest host name in the SP name field.
  - Select a prefix for the IdP that is appended to the end of the IdP URLs. Select + to create an alternate IdP prefix. Alternatively, you can select Generate prefix in the Create Alternate IdP Prefix dialog to generate a random 16-digit alphanumeric string.
  - Copy the IdP entity id, IdP single sign-on URL, and IdP single logout URL values. These values are required to add FortiAuthenticator to FortiGuest.
  - Select a server certificate to use for the SP. If a certificate is not selected, the specified default IdP certificate is used.
  - Select an IdP signing algorithm from the drop-down.
- Configure the following in the Assertion Attribute Configuration section:
  - Select Email as the Subject NameID.
  - For Format, select the format with emailAddress as its suffix.
- Configure the following in the Assertion Attributes section:
  - Click + Add Assertion Attribute.
  - Enter a name for the SAML attribute.
  - Select the required attribute from the User attribute drop-down.
  - Repeat steps 11.a to 11.c to create three attributes: Group, Email, and Name. These attributes must match the attributes configured in FortiGuest.
- Click Save.
For more information on creating and configuring service providers in FortiAuthenticator, see the FortiAuthenticator Administration Guide > Service providers.
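After saving, a captured test assertion can be checked against the settings above (NameID in an emailAddress format, and the Group, Email, and Name attributes present with values). The following is an added example, not Fortinet code. It assumes a standard SAML 2.0 assertion and the standard SAML 1.1 emailAddress NameID URN; `check_assertion` is a hypothetical helper, and the sample assertion, issuer, and user values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRIBUTES = {"Group", "Email", "Name"}  # names from the steps above

# Constructed, unsigned sample assertion; issuer and user values are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/placeholder-entity-id</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.test</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Group"><saml:AttributeValue>guest-admins</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Name"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text):
    """Return a sorted list of mismatches against the SP settings described above."""
    problems = []
    # Trusted test input only: this neither hardens XML parsing nor verifies signatures.
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("missing Subject NameID")
    else:
        if not name_id.get("Format", "").endswith(":emailAddress"):
            problems.append("NameID Format does not end in emailAddress")
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not an email address")
    seen = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        seen[attr.get("Name")] = values
    for name in REQUIRED_ATTRIBUTES:  # attribute names are compared case-sensitively
        if name not in seen:
            problems.append(f"missing attribute {name}")
        elif not seen[name]:
            problems.append(f"attribute {name} has no value")
    return sorted(problems)


if __name__ == "__main__":
    for line in check_assertion(SAMPLE_ASSERTION) or ["assertion matches expected settings"]:
        print(line)
```

An empty result means the assertion carries what the steps configure; a name that differs only in case (for example `group`) is reported as missing, which is the usual cause of attribute mismatches between IdP and SP.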