Description

This article explains two portals that FortiAuthenticator offers, captive portal and self-service portal, their purpose, and differences.

Scope

FortiAuthenticator.

Solution

FortiAuthenticator can provide a number of portal services, including captive portal and self-service portal.

These two in particular are sometimes confused; the goal of this Knowledge Base article is to detail the purpose of each one.

1) Self-service portal.

This is an option to allow users to access FortiAuthenticator directly for specific purposes such as:

- Registering themselves.

- Requesting a FortiToken.

- Reporting a lost FortiToken.

- Editing their information in FortiAuthenticator (updating email address/mobile number, etc).

2) Captive Portal.

This is an option to allow users to authenticate; the user would be redirected from the host asking for authentication (such as a FortiGate or Wireless Controller) to FortiAuthenticator, which handles the authentication and upon a successful one sends the user back to the original host.

3) Using Captive Portal vs Self-Service Portal.

Self-service portal is ONLY to be used for users to access FortiAuthenticator directly, to create and edit their accounts. Self-service portal does not handle user authentication for other hosts!

Captive portal handles authenticating users for other hosts, not self-service portal.

In some instances, a captive portal authentication WITH registration is desired (to allow guests to connect and create their own account, for example).

However, this is NOT done via self-service portal.

Captive Portal does also allow for user registration; what options a portal allows (registration, etc) are defined in the actual portal used in a portal policy.

Captive Portal policy:

And the portal:

Self-service policy:

And the portal: