FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
ymasaki
Staff
Article Id 270080
Description

This article describes how to configure SAML authentication for FortiEDR with an on-premises ADFS server as the IdP.

Scope

FortiEDR v5.0+ and v5.2+

Solution

To set up SAML authentication in ADFS (these steps assume ADFS is already installed and configured):

 

  1. Go to ADMINISTRATION -> USERS and download the Service Provider Metadata.

 

**This file is required to set up Relying Party Trusts in ADFS.

 

adfs_saml_step1.png

 
  2. Open AD FS Manager and select Add Relying Party Trust.

 

adfs_saml_step2.png

 

  3. Select Claims aware and select Start.

 

adfs_saml_step3.png

 

  4. Select Import data about the relying party from a file and select the SP Metadata from Step 1. Select Next.

 

adfs_saml_step4.png

 

  5. Enter the Display name and select Next.

 

adfs_saml_step5.png

 

  6. Choose Permit Everyone and select Next.
  7. Select Next.

 

adfs_saml_step7.png

 

  8. Select Close.
  9. Select Properties.

 

adfs_saml_step9.png

 

  10. Go to the Advanced tab and set the Secure hash algorithm to SHA-1. Select OK. (SHA-1 is weaker than the SHA-256 default that ADFS otherwise uses to sign tokens for this trust; keep this setting only as long as the service provider requires it.)

 

adfs_saml_step10.png

 

  11. Select Edit Claim Issuance Policy and Add Rule.

 

adfs_saml_step11.png

 

  12. Keep the default rule template (Send LDAP Attributes as Claims) and select Next.
  13. Enter the Claim rule name, select Attribute store: Active Directory, and add the mapping of LDAP attributes to the outgoing claim types Group and Name ID. Select Finish.

 

adfs_saml_step13.png

 

  14. Select OK.
  15. Download FederationMetadata.xml (https://<your server FQDN or IP>/FederationMetadata/2007-06/FederationMetadata.xml).

 

**This file is required for the SAML setup in FortiEDR Central Manager.
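The same ADFS configuration as PowerShell, run in an elevated session on the AD FS server. This is an added example, not part of the Fortinet article and not Fortinet code: it uses the ADFS PowerShell module cmdlets (Add-AdfsRelyingPartyTrust, Set-AdfsRelyingPartyTrust, Get-AdfsRelyingPartyTrust). The file paths, the relying party name "FortiEDR", the FQDN adfs.example.com, and the choice of LDAP attributes (tokenGroups for Group, userPrincipalName for Name ID) are assumptions, since the article does not state which attributes it maps. After downloading FederationMetadata.xml it also reads back the IdP entity ID, the SSO endpoints and the token-signing certificate expiry, which is what to check before uploading the file to FortiEDR.

```powershell
# Added example (not from the article). Run on the AD FS server as an administrator.
# Assumptions: SP metadata saved to C:\Temp\fortiedr-sp-metadata.xml, trust named
# "FortiEDR", ADFS FQDN adfs.example.com, Group <- tokenGroups, Name ID <- userPrincipalName.

$SpMetadata  = 'C:\Temp\fortiedr-sp-metadata.xml'   # Step 1 download (assumed path)
$RpName      = 'FortiEDR'                           # Step 5 display name (assumed)
$AdfsFqdn    = 'adfs.example.com'                   # your ADFS server FQDN (assumed)
$IdpMetadata = 'C:\Temp\FederationMetadata.xml'     # Step 15 output (assumed path)

# Steps 2-5: create the relying party trust from the SP metadata file.
Add-AdfsRelyingPartyTrust -Name $RpName -MetadataFile $SpMetadata

# Steps 6-7: the "Permit Everyone" issuance authorization rule.
$PermitAll = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 11-13: "Send LDAP Attributes as Claims" rule. The first outgoing claim type
# (http://schemas.xmlsoap.org/claims/Group) is the Attribute Name entered in FortiEDR;
# the second is Name ID. The LDAP attributes used here are the assumed ones.
$LdapClaims = @'
@RuleTemplate = "LdapClaims"
@RuleName = "FortiEDR Group and Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";tokenGroups,userPrincipalName;{0}", param = c.Value);
'@

# Step 10: the article selects SHA-1 for the token signature. SHA-256 is the ADFS
# default and the stronger choice; revert with -SignatureAlgorithm $Sha256 once the SP accepts it.
$Sha1   = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
$Sha256 = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'

Set-AdfsRelyingPartyTrust -TargetName $RpName `
    -IssuanceAuthorizationRules $PermitAll `
    -IssuanceTransformRules $LdapClaims `
    -SignatureAlgorithm $Sha1

# Read back what ADFS now holds for the trust (SP identifier, ACS endpoints, algorithm).
Get-AdfsRelyingPartyTrust -Name $RpName |
    Select-Object Name, Identifier, SignatureAlgorithm, SamlEndpoints

# Step 15: fetch the IdP metadata that FortiEDR Central Manager will import.
Invoke-WebRequest -Uri "https://$AdfsFqdn/FederationMetadata/2007-06/FederationMetadata.xml" -OutFile $IdpMetadata

# Sanity-check the file before uploading it: entity ID, SSO endpoints, and the
# signing certificate(s) FortiEDR will trust. A certificate near expiry means a
# rollover is coming and the metadata will have to be re-imported.
[xml]$Md = Get-Content -Path $IdpMetadata -Raw
$Ns = New-Object System.Xml.XmlNamespaceManager($Md.NameTable)
$Ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$Ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

"IdP entityID : " + $Md.DocumentElement.GetAttribute('entityID')
$Md.SelectNodes('//md:IDPSSODescriptor/md:SingleSignOnService', $Ns) |
    ForEach-Object { "SSO endpoint : {0} {1}" -f $_.Binding, $_.Location }
$Md.SelectNodes('//md:IDPSSODescriptor/md:KeyDescriptor[@use="signing"]/ds:KeyInfo/ds:X509Data/ds:X509Certificate', $Ns) |
    ForEach-Object {
        $Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($_.InnerText))
        "Signing cert : {0}, expires {1:yyyy-MM-dd}" -f $Cert.Subject, $Cert.NotAfter
    }
```

The claim rule text is the same rule language that the wizard in Steps 11-13 generates, so the GUI and scripted results are interchangeable; if the GUI was used, Get-AdfsRelyingPartyTrust still shows the resulting IssuanceTransformRules for review.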

 

To set up SAML authentication in FortiEDR Central Manager:

 

  1. Go to ADMINISTRATION -> USERS and fill in the following fields. Select Save.

SAML Enabled: Check the checkbox.
IDP Description: Enter a free-text description of the IdP.
IDP Metadata: Upload the FederationMetadata.xml downloaded from ADFS (Step 15).
Attribute Name: http://schemas.xmlsoap.org/claims/Group (the outgoing Group claim type mapped in Step 13).
Role/Group mapping: For each FortiEDR role, enter the AD group name whose members should receive that role. The value must match the group name as ADFS sends it in the Group claim.

 

edr_saml_step1.png

 

  2. Copy the SSO URL.

 

edr_saml_step2.png

 

  3. Open the SSO URL; the browser is redirected to the ADFS sign-in page. Sign in with an AD username and password.

 

edr_saml_step3.png

 

  4. The user is logged in to FortiEDR as an ADFS SAML user.

 

edr_saml_step4.png
