Description
This article explains two portals that FortiAuthenticator offers, captive portal and self-service portal, their purpose, and differences.
Scope
FortiAuthenticator.
Solution
FortiAuthenticator can provide a number of portal services, including captive portal and self-service portal.
These two in particular are sometimes confused; the goal of this Knowledge Base article is to detail the purpose of each one.
1) Self-service portal.
This is an option to allow users to access FortiAuthenticator directly for specific purposes such as:
- Registering themselves.
- Requesting a FortiToken.
- Reporting a lost FortiToken.
- Editing their information in FortiAuthenticator (updating email address/mobile number, etc).
2) Captive Portal.
This is an option to allow users to authenticate; the user would be redirected from the host asking for authentication (such as a FortiGate or Wireless Controller) to FortiAuthenticator, which handles the authentication and upon a successful one sends the user back to the original host.
3) Using Captive Portal vs Self-Service Portal.
Self-service portal is ONLY to be used for users to access FortiAuthenticator directly, to create and edit their accounts. Self-service portal does not handle user authentication for other hosts!
Captive portal handles authenticating users for other hosts, not self-service portal.
In some instances, a captive portal authentication WITH registration is desired (to allow guests to connect and create their own account, for example).
However, this is NOT done via self-service portal.
Captive Portal does also allow for user registration; what options a portal allows (registration, etc) are defined in the actual portal used in a portal policy.
Captive Portal policy:
And the portal:
Self-service policy:
And the portal:
