Technical Tip: Login to FortiGate GUI using FortiCloud SSO

In FortiOS 7.0.0 and above, a new feature that allows FortiCloud SSO login is introduced. 

To enable FortiCloud SSO login, go to System -> Settings and toggle FortiCloud Single Sign-On to On:

To configure IAM users in FortiCloud, login to FortiCloud portal (https://www.forticloud.com) with administrator access.

Follow the steps below:

1. Select Services -> IAM.

2. Select 'ADD IAM USER'.

3. Enter the details of the user:

4. In the User Permissions section, select the pencil icon beside FortiOS SSO, and assign proper access type:

5. Review the configured details and select 'Confirm' to create the user:

6. Once the user has been created, a CSV will be generated. Download the file as it contains the password for the user to login as an IAM user:

7. Send the downloaded CSV file to the corresponding user.

Once the above has been configured, proceed to login to the FortiGate GUI using the usual URL (https://<fortigate-IP/domain>:<port>).

• Notice an additional 'Sign in with FortiCloud' button. Select it.
  

• Select 'Sign in as IAM user':

• In the login form, fill in the details recorded in the CSV file downloaded previously:

• The user is now logged in with FortiCloud SSO with the assigned rights:

Additional notes:

Note that FortiCloud SSO could fail in the following cases:

• If the FortiGate is not registered to the FortiCare account used for login, it will reject the login and give the user the option to switch account or login locally.
  
• If the master account has '2FA auth enforcement' enabled, IAM users without 2FA configured will be rejected.
• If the FortiGate is a VM appliance with a PAYG (Pay-As-You-Go) license. Note that FortiCloud SSO is not yet supported on VM with PAYG licenses.