FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Article Id 195085



This article explains how to enable the self-service portal for use in certificate enrollment and changing passwords.


FortiAuthenticator 6.x with a Remote LDAP server already configured with the necessary users imported.


If FortiAuthenticator is deployed as a Certificate Authority in a network for certificate-based operations, an administrator needs a simple way to deploy user certificates.

FortiAuthenticator has a self-service portal that can allow self-registration for certificate enrollment. This guide lists the steps needed to enable this service.

The self-service portal also provides a password change utility for local FortiAuthenticator users. The password change option for Remote LDAP/RADIUS users is not supported at this time.


To set up device enrollment for remote LDAP users, perform the following configuration tasks:
- Configure a wildcard enrollment request.
- Enable the SSO User Portal.
1) Configure a wildcard enrollment request
Create a wildcard certificate enrollment request on the FortiAuthenticator before performing the following steps. The request requires a certificate authority to be chosen. The enrollment password can either be random or the SCEP default enrollment password.
If the SCEP default enrollment password is selected, the SCEP general settings must also be configured.


2) Enable the SSO User Portal. Enable the smart card options if needed.




After the above steps, users should be able to log in to the FortiAuthenticator User Portal and enroll for certificates.