Adding FortiAuthenticator to FortiGuest
Perform the following steps to add FortiAuthenticator to FortiGuest.
- Navigate to Access Management > Authentication > Authentication Servers.
- Click +New.
- Enter the required information.
  - Enter a name.
  - Select Generic SAML IDP as the Server Type.
- Click Next.
- Configure the following SAML Settings for the Identity Provider. These settings configure the data FortiGuest requires to connect to the authentication server.

| Field | Description |
| --- | --- |
| Server | Enter the FortiAuthenticator server hostname or IP address. |
| Entity ID / Single SignOn Service EndPoint / Single LogOut Service EndPoint | Paste the copied values from FortiAuthenticator. See Creating a Service Provider in FortiAuthenticator. |
| Select Identity Provider Signing Certificate / Select Identity Provider Encryption Certificate | Select the signing certificate exported from FortiAuthenticator server. See Prerequisites. If encryption certificate is not provided then signing certificate will be used for encryption. |

- Configure the following SAML Settings for the Service Provider.

| Field | Description |
| --- | --- |
| Entity ID / Assertion Consumer Service Endpoint / Single Logout Service Endpoint | Values are auto populated. |
| Select NameID Format | Select Email as the name identifier of the user. The NameID must be matched with the value configured in FortiAuthenticator. Currently, FortiGuest only supports Email as NameID. |
| Select Signature Algorithm For Party Trust | Select the signature algorithm used in the sign-on process. |
| Select Digest Algorithm For Party Trust | Select the digest algorithm used in the digest process. |

- Configure additional SAML attributes. FortiGuest will look for these attributes to verify authentication attempts. Map the attributes from FortiAuthenticator to the attributes in your SAML profile on FortiGuest.

| Field | Description |
| --- | --- |
| Attribute used to identify username | The username attribute. |
| Attribute used to identify email | The email attribute. |
| Attribute used to identify groups | The groups attribute. |

- Click Submit.
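
A pre-flight check on a decoded assertion issued by the identity provider, as an added example (not Fortinet code): it confirms the NameID is in email format, that the mapped attributes are present, and flags SHA-1 signature or digest algorithms. The attribute names `username`, `email` and `groups` and the sample assertion are assumptions constructed for illustration; the script does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumed attribute names; use the names mapped in your own SAML profile.
REQUIRED_ATTRS = {"username", "email", "groups"}

# Constructed sample assertion (signature value and digests omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, required=REQUIRED_ATTRS):
    """Return a list of findings for a decoded SAML assertion (no signature verification)."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID is missing or not in emailAddress format")
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in sorted(required - present):
        findings.append(f"attribute not in assertion: {name}")
    # Report SHA-1 in the signature or digest algorithm selected for the trust.
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iterfind(f".//ds:{tag}", NS):
            if el.get("Algorithm", "").lower().endswith("sha1"):
                findings.append(f"{tag} uses SHA-1: {el.get('Algorithm')}")
    return findings


if __name__ == "__main__":
    for finding in check_assertion(SAMPLE):
        print(finding)
```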