JulienDuvoux
New Member
July 19, 2019
Question

FortiGate / FortiOS 6.2.0 - SAML with open-source IdP (Keycloak)


Hi,

I would like to know if the only way to use SAML to log in to a FortiGate appliance (or VM) is by using FortiAuthenticator?

So SAML on FortiGate is only for Fabric, and if we want to use SAML from our IdP we need to use FortiAuthenticator and use FSSO between FortiAuthenticator and the FortiGate root?

We agree that in this case FortiAuthenticator allows the use of any IdP? I saw samples in the docs with Okta / Google G Suite / Centrify.

http://docs.fortinet.com/...saml-sso-configuration

"You can select Custom when you want to change the default settings for IdP single-sign-on URL and IdP single logout URL"

Following the documentation link above, the only things we can change are the "sign-on" and "logout" URLs, but in the appliance we can change the IdP entity ID too.

Thanks a lot for any clue/help.

2 replies

JulienDuvoux
New Member
July 19, 2019

Wrong place... sorry.

How can I move it?

pmit
New Member
August 7, 2019

Any word on this? I do not have a FortiAuthenticator. This functionality should be built into FortiGate. Only super large organizations should need a separate authentication appliance. I would like to use a third-party IdP such as Google or Azure to authenticate users to my FortiGate.

I'm using a 500D with 6.2.1.

Is this possible yet?

JulienDuvoux
New Member
August 8, 2019

Thanks for answering.

This is for a very large organization, but for a small entity of it. The IdP is not a FortiAuthenticator, so we can't use this to handle FortiGates, and we have no authorization to use an external (third-party) IdP... the goal is to use the actual IdP.

No information about it, and the documentation is poor...

Anyway, thanks for the help.