FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
nathan_h
Staff
Staff
Article Id 198650
Description
This article describes on how to configure FortiAuthenticator for FSSO using Syslog as the source. Custom Syslog Matching rule is used.
Solution
Configuration:

Select Fortinet SSO Methods -> SSO -> General. Toggle 'Enable Authentication' . Type in Secret Key. Toggle 'Enable Syslog SSO' and select OK. 


Select on [Configure syslog sources] or Fortinet SSO Methods -> SSO -> Syslog Source -> Syslog Sources (Top Right) -> Create New.

Matching rule: it is possible to create or use an existing parsing rule. 
To create a new rule select '+' sign. Fill in the required fields as shown below. You can use Test Rule to verify that parsing rule is correct. 




Select OK to create.
Enter the additional fields below and then select OK. 

IP address: IP address of the device/server that will send Syslog messages.

SSO user type: 
External: Users are not defined on the FortiAuthenticator and user groups come from the source.
Local users: Users are defined on the FortiAuthenticator as local users, and user groups are retrieved from the local groups. Any group from the syslog messages are ignored.
Remote users: Users are defined on a remote LDAP server and user groups are retrieved from the LDAP server. Any group from the syslog messages are ignored.





Verification:

 Logon Syslog Message:
  type="custom_logon" custom_user="FSSO_nathan" custom_ip="10.1.1.1" custom_group="fw_users"

 Monitor -> SSO -> SSO Sessions.


 FSSO Syslog Debug: https://<FAC IP>/debug/syslog_sso/


 Fortigate FSSO list.


 Logon Syslog Message:
  type="custom_logoff" custom_user="FSSO_nathan" custom_ip="10.1.1.1" custom_group="fw_users"

 Monitor -> SSO -> SSO Sessions.


 FSSO Syslog Debug: https://<FAC IP>/debug/syslog_sso/


Fortigate FSSO list.


Contributors