FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Article Id 195402

This article describes best practices for SAML Admin authentication with FortiAnalyzer.

SAML can be enabled across all Security Fabric units, enabling smooth movement between units for the administrator.
FortiAnalyzer can play the role of the identity provider (IdP) or the service provider (SP) when an external identity provider is available.

Units configured to the IdP can be accessed through the Quick Access menu which appears in the top-right corner of the main menu.
Logging into an SP unit will redirect  to the IdP login page.

By default, it is a Fortinet login page.
After successful authentication, it is possible access other SP units from within the same browser without additional authentication.

1) Go to System Settings -> SAML SSO.
2) Select Identity Provider(IdP).
3) In the IdP Certificate dropdown, choose a certificate where IdP is used.
4) Select Download to get the IdP certificate, used later to configure SPs.
5) Select 'Apply'.
6) In the SP Settings table, select 'Create' to add a service provider.
7) In the Edit Service Provider window: l Enter a name for the SP.
- Select Fortinet as the SP Type.
- If the SP is not a Fortinet product, select Custom as the SP Type and copy the SP Entity ID, SP ACS (Login) URL, and SP SLS (Logout) URL from the SPs configuration page.
- Enter the SP IP address.
- Copy down the IdP Prefix. It is required when configuring SPs.
8) Select 'OK'.
9) A custom login page can be created by moving the Login Page Template toggle to the On position and selecting Customize.

To configure FortiAnalyzer as a service provider:
1) Go to System Settings -> SAML SSO.
2) Select Service Provider(SP).
3) Select Fortinet as the IdP Type.
4) Enter the IdP IP address and the IdP prefix that obtained while configuring the IdP unit.
5) Select the IdP certificate.
If this is a first-time set up, import the IdP certificate that downloaded while configuring the IdP unit.
6) Confirm that the information is correct and select 'Apply'.
7) Repeat the steps for each FortiAnalyzer/FortiManager that is to be set as a service provider.