7.2.0

Requirements

FortiNAC

  • Supported Engine Version: 8.3 and greater

  • Recommended Engine Version: 8.8.10, 9.1.3 and greater

  • Either an owner or a logged-on user must be associated with the host in the FortiNAC database:

    • An owner will be associated with a host if the host was registered to a user. The “Registered To” column in the Hosts > Host View will be populated with the User ID.

    • If there is a logged-on user, the "Logged On User" column in the Hosts > Host View will be populated with the User ID. The field will be empty if no one is logged on or if the information is unavailable.

      Logged-on user information can be provided to FortiNAC using any of the following methods:

      • Persistent Agent (Windows hosts)

      • RADIUS 802.1X Authentication: The user name is tracked as long as the EAP type configured in the host supplicant identifies the user (such as with PEAP). If the user name is encrypted or not provided (such as with EAP-TTLS or EAP-TLS), the name cannot be identified.

      • Logon scripts

        Registration methods such as the Persistent Agent, Device Profiler, or login scripts can be set to register hosts as devices. In that case, it is the user's login/logout that triggers the messages sent from FortiNAC to the 3rd Party SSO Device.

3rd Party SSO Device

  • Must support one of the following:

    • RADIUS Accounting

    • Custom XML script: Must be written by the customer because requirements vary among 3rd party products

  • Do not block the applicable port between the FortiNAC and the SSO Device

    • RADIUS Accounting: Port 1813

    • XML: Port 5007
