FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Anonymous
Article Id 200137
Description: This article describes how to reduce the length of the generated IdP prefix to allow for more than 16 IdPs/domains.
Scope: FortiAuthenticator.
Solution

Steps to decrease the IdP prefix to increase the IdP/domain count:

  1. Add an SP by going to Authentication -> SAML IdP -> Service Providers and selecting 'Create New'.

  2. Input all relevant information.

  3. For 'IdP Metadata', select the plus sign.

  4. Select 'Random' and a 16-character prefix is populated.

  5. The limit is 255 characters (alphanumeric: 26 + 10).

     As such, with 16-character prefixes, it is possible to make 16 domains. Ensure all prefixes are unique.

  6. Decrease the prefix length to as low as 3 characters to get the most out of the 255 limit. At 2 characters or lower, not as many unique combinations are available.

This process also applies when creating the IdP prefix manually. Simply skip step 4.
