Fortinet black logo

FortiGuest SAML Integration

Home FortiGuest 1.2.0 FortiGuest SAML Integration
1.2.0
1.2.0

Creating a Service Provider in FortiAuthenticator

Creating a Service Provider in FortiAuthenticator

Perform the following steps to create a new service provider in FortiAuthenticator.

  1. Log in to FortiAuthenticator portal.

  2. Navigate to Authentication > SAML IdP > Service Providers.

  3. Click +Create New.

  4. Configure the following in Create New SAML Service Provider page.

    1. Enter FortiGuest host name in SP name field.

    2. Select a prefix for the IdP that is appended to the end of the IdP URLs. Select + to create an alternate IdP prefix. Alternatively, you can select Generate prefix in the Create Alternate IdP Prefix dialog to generate a random 16 digit alphanumeric string.

    3. Copy the IdP entity id, IdP single sign-on URL, and IdP single logout URL values. These values are required to add FortiAuthenticator to FortiGuest.

    4. Select a server certificate to use for the SP. If a certificate is not selected, the specified default IdP certificate is used.

    5. Select an IdP signing algorithm from the drop down.

  5. Configure the following in Assertion Attribute Configuration section.

    1. Select Email as Subject NameID.

    2. Select format with emailAddress as suffix as Format.

  6. Configure the following in Assertion Attributes section.

    1. Click + Add Assertion Attribute.

    2. Enter a name for SAML attribute.

    3. Select the required attribute from the User attribute drop down.

    4. Repeat the steps 11.a to 11.c to create three attribute Group, Email, and Name. These attributes must be matched with the attributes configured in FortiGuest.

  7. Click Save.

For more information on creating and configuring service providers in FortiAuthenticator, see FortiAuthenticator Administration Guide > Service providers.
Previous
Next

Creating a Service Provider in FortiAuthenticator

Perform the following steps to create a new service provider in FortiAuthenticator.

  1. Log in to FortiAuthenticator portal.

  2. Navigate to Authentication > SAML IdP > Service Providers.

  3. Click +Create New.

  4. Configure the following in Create New SAML Service Provider page.

    1. Enter FortiGuest host name in SP name field.

    2. Select a prefix for the IdP that is appended to the end of the IdP URLs. Select + to create an alternate IdP prefix. Alternatively, you can select Generate prefix in the Create Alternate IdP Prefix dialog to generate a random 16 digit alphanumeric string.

    3. Copy the IdP entity id, IdP single sign-on URL, and IdP single logout URL values. These values are required to add FortiAuthenticator to FortiGuest.

    4. Select a server certificate to use for the SP. If a certificate is not selected, the specified default IdP certificate is used.

    5. Select an IdP signing algorithm from the drop down.

  5. Configure the following in Assertion Attribute Configuration section.

    1. Select Email as Subject NameID.

    2. Select format with emailAddress as suffix as Format.

  6. Configure the following in Assertion Attributes section.

    1. Click + Add Assertion Attribute.

    2. Enter a name for SAML attribute.

    3. Select the required attribute from the User attribute drop down.

    4. Repeat the steps 11.a to 11.c to create three attribute Group, Email, and Name. These attributes must be matched with the attributes configured in FortiGuest.

  7. Click Save.

For more information on creating and configuring service providers in FortiAuthenticator, see FortiAuthenticator Administration Guide > Service providers.
Previous
Next