how to specify a FAC group for Fortigate administrator login

Forum|Forum|1 year ago
December 9, 2024
2 replies
1817 views

Hello, I would like to know how to use FortiAuthenticator to configure saml SSO login for Fortigate administrators, and how to specify a FAC group for Fortigate administrator login

Best answer by dingjerry_FTNT

Hi @nplljw ,

1) Configure SAML settings on FortiAuthenticator

https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/164528/configure-saml-settings-on-fortiauthenticator

2) Please also check this KB:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-up-SAML-admin-LDAP-login-on-Fortigate-SP-with/ta-p/241591

dingjerry_FTNTAnswer

Staff

Hi @nplljw ,

1) Configure SAML settings on FortiAuthenticator

https://docs.fortinet.com/document/fortiauthenticator/6.5.0/cookbook/164528/configure-saml-settings-on-fortiauthenticator

2) Please also check this KB:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-up-SAML-admin-LDAP-login-on-Fortigate-SP-with/ta-p/241591

pminarik

Staff

FortiGate currently does not support group-based or wildcard-admin-based administrator logins with SAML. All authentication is individual, per-user. No support for dynamic VDOM assignment or access profile assignment either.

Restrictions as to who can authenticate can only be imposed from the IdP side. Unfortunately, FortiAuthenticator only allows configuring group-based restrictions on the "global level" for SAML (SAMl IdP > General), not on a per-SP basis. But maybe that will suffice for you?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded