Description | This article describes an option to remove the username and password field from the SSL VPN web portal login page and only keep the Single Sign-On option as an available login method. |
Scope | FortiGate. |
Solution |
There might be scenarios where the administrator wants to keep the SSL VPN web mode active but only allow the login option via Single Sign-On, to prevent local or malicious login attempts. Removing the login option does not impact FortiClient and the end user can still authenticate against either SSO, local, or remote server via FortiClient.
By default, if Single Sign-on is being used, the following SSL VPN web mode login page will be visible.
To remove the option for credentials, it is possible to edit the SSL VPN replacement message script to only show Single Sign-On as an available option.
The path for SSL VPN replacement message is System -> Replacement messages -> SSL VPN login page.
Select the SSL VPN Login Page and select 'edit'. It will look like the following:
It is possible to change the script to the following in order to only display the Single Sign-On option:
<!DOCTYPE html>
Once saved and after checking the login page again, it will look like the following (the replacement message preview page will not show the Single Sign-On option to search the SSL VPN web portal URL on the web browser): Note: To revert, it is possible to select the 'restore default' option under the SSL VPN replacement message page and then save it. Currently, the end user will only see the login option for Single Sign-On. Once users select Single Sign-On, it will redirect them to the SSO page.
If only SSO user groups are in all SSL VPN policies: when the user searches for the web portal URL, it will automatically redirect to the SSO page and will not even show the web mode login page. In this case, it is not necessary to edit the script.
Note that TAC can only help to remove some portions of the script or restore the default script. Further change or modification of the script is outside of TAC's scope.
Related article: Technical Tip: Technical support on customization on various Fortinet products. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.