# config system interface
    edit "802.1x"                                      <----- The hardware switch.
        set vdom "root"
        set ip 10.1.1.2 255.255.255.0
        set allowaccess ping https ssh http capwap
        set type hard-switch
        set security-mode 802.1X
        set security-groups "802.1x"                   <----- The remote radius group.
        set device-identification enable
        set role lan
        set snmp-index 13
    next
end

# config user radius
    edit "FAC_RADUIS"
        set server "192.168.1.99"
        set auth-type ms_chap_v2
        set password-renewal enable
    end

# config user group
    edit  802.1x
        set member "FAC_RADUIS"
    end

2) Create the user group that will contain the user database (pointing to a remote user group).

3) Configure the radius client along with the EAP type.

More details about the EAP types that can be used.

Note: The feature is available on units that support a hardware switch, integrated switch fabric.

The same cannot be applied to the units where an interface is configured as type software switch and not as hardware switch.
In order to check which device support the feature on a specific firmware, one can check the platform matrix of that specific firmware to confirm.

Example: https://docs.fortinet.com/document/fortigate/6.2.3/fortios-feature-platform-matrix

In the above link, 802.1x feature will be supported on FortiGate-60E with firmware 6.2.3 as it supports hardware switch, However, it will not be supported for example on a FortiGate-500 with firmware 6.2.3 as there is no built in hardware switch.