FortiAuthenticator provides access management and single sign on.
Article Id 210679


This article explains two portals that FortiAuthenticator offers, captive portal and self-service portal, their purpose, and differences.








FortiAuthenticator can provide a number of portal services, including captive portal and self-service portal.

These two in particular are sometimes confused; the goal of this Knowledge Base article is to detail the purpose of each one.


1) Self-service portal.


This is an option to allow users to access FortiAuthenticator directly for specific purposes such as:

- Registering themselves.

- Requesting a FortiToken.

- Reporting a lost FortiToken.

- Editing their information in FortiAuthenticator (updating email address/mobile number, etc).


2) Captive Portal.


This is an option to allow users to authenticate; the user would be redirected from the host asking for authentication (such as a FortiGate or Wireless Controller) to FortiAuthenticator, which handles the authentication and upon a successful one sends the user back to the original host.


3) Using Captive Portal vs Self-Service Portal.


Self-service portal is ONLY to be used for users to access FortiAuthenticator directly, to create and edit their accounts. Self-service portal does not handle user authentication for other hosts!

Captive portal handles authenticating users for other hosts, not self-service portal.


In some instances, a captive portal authentication WITH registration is desired (to allow guests to connect and create their own account, for example).

However, this is NOT done via self-service portal.


Captive Portal does also allow for user registration; what options a portal allows (registration, etc) are defined in the actual portal used in a portal policy.


Captive Portal policy:




And the portal:




Self-service policy:




And the portal: