For more information about FortiAuthenticator realms, see the documentation.

Authentication realms are created by going to Authentication -> User Management -> Realms.

Note: the name defined here is the realm that needs to be appended to the username when authenticating.

In this example, a RADIUS policy has been configured with multiple realms for authenticating users from a Local database and the remote LDAP and RADIUS servers.

Intended authentication objectives for this policy:

• Users without a realm appended to the username are authenticated against the default realm named 'local' created for the local users (in the internal database).
• Users with realm 'testlab.com' appended to the username are authenticated against the Active Directory 'LDAP'.
• Users with realm 'radiusrealm' appended to the username are authenticated against the Radius server 'Remote_RADIUS_Server'.

There are three types of username format that can be used:

• username@realm.
• realm\username.
• realm/username.

In this example, the format 'username@realm' is configured to be used on the policy.

Realms will be matched from top to bottom.

Username used:

• admin: this will match the local realm. An attempt will be made to authenticate it against the local database because the realm is not specified.
• admin@testlab.com: this will be authenticated against the remote 'LDAP' server because the 'testlab.com' realm is specified.
• admin@radiusrealm: this will be authenticated against the remote 'Remote_RADIUS_Server' server because the 'radiusrealm' realm is specified.
  
  

Related article (explains the "Filter" button of the screenshot):
Technical tip: How to fix 'user not filtered by groups' error