FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
sfernando
Staff
Article Id 403755
Description This article describes the importance of using a metadata file when configuring SAML on FortiAuthenticator.
Scope FortiAuthenticator SAML.
Solution

There are cases where FortiAuthenticator acts as an IDP (Identity Provider) or an SP (Service Provider). In either case, the details of the external SP or IDP must be configured on FortiAuthenticator.

The most common method of doing this is copy and paste, but doing so can introduce mismatches.

The error can be minor, but SAML will still not work as expected and will return errors. There are also cases where external entities differ in the exact URLs, certificates, and so on.

It is recommended to use the metadata file provided by the relevant SP or IDP to upload external IDP or SP details to FortiAuthenticator.

This will minimize configuration issues in SAML in FortiAuthenticator.
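
The following Python example is added here for illustration and is not part of the original article or of any Fortinet tooling. It reads the entity ID, SSO URL and signing certificate from an IDP metadata file and reports which hand-pasted values differ from it. The sample metadata, `idp.example.com`, the certificate text and all function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample IDP metadata; idp.example.com and the certificate text are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      PLACEHOLDERCERTLINE1
      PLACEHOLDERCERTLINE2
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def normalize_cert(text):
    """Drop PEM header/footer lines and all whitespace so only the base64 body is compared."""
    lines = [l for l in text.splitlines() if "-----" not in l]
    return "".join("".join(lines).split())

def parse_idp_metadata(xml_text):
    # Assumption: the file came from the IDP over a trusted channel; stdlib
    # ElementTree is not hardened against maliciously constructed XML.
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        raise ValueError("not a single-entity IDP metadata document")
    certs = [normalize_cert(c.text or "")
             for kd in idp.findall(MD + "KeyDescriptor")
             if kd.get("use") in (None, "signing")  # no 'use' means signing and encryption
             for c in kd.iter(DS + "X509Certificate")]
    sso = {(s.get("Binding") or "").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall(MD + "SingleSignOnService")}
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}

def find_mismatches(meta, pasted):
    """Return names of hand-entered fields that differ from the metadata (exact string match)."""
    bad = []
    if pasted["entity_id"] != meta["entity_id"]:
        bad.append("entity_id")
    if pasted["sso_url"] not in meta["sso"].values():
        bad.append("sso_url")
    if normalize_cert(pasted["cert"]) not in meta["signing_certs"]:
        bad.append("cert")
    return bad
```

A trailing slash on the entity ID, `http` in place of `https` in the SSO URL, or a certificate truncated during copying each appear in the returned list.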

Below are two screenshots from FortiAuthenticator for SP and IDP:

[Screenshot: SAML-IDP.jpg]

[Screenshot: SAML-SP.jpg]