FortiGate
samandeep
Staff
Article Id 328584
Description

This article describes why a new IAM user may be unable to remotely access an on-premises FortiGate via FortiGate Cloud and instead receives the error 'This FortiCloud IAM user does not have permission to sign in on this FortiGate'.

Scope

FortiGate, FortiCloud.
Solution

The FortiGate can be configured to allow administrators to log in using a FortiCloud IAM user account. This option is enabled in the FortiGate GUI under System -> Settings -> FortiCloud SSO, which allows single sign-on login to the FortiGate with the FortiCloud IAM user account.
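As an added example (not part of the original article), the CLI equivalent of the GUI setting above, plus a check to confirm it is in place before troubleshooting IAM permission profiles. It assumes FortiOS 7.x, where the option is named admin-forticloud-sso-login under config system global:

```text
# Enable FortiCloud SSO login for administrators
# (same as System -> Settings -> FortiCloud SSO in the GUI)
config system global
    set admin-forticloud-sso-login enable
end

# Confirm the setting is enabled; if it is disabled, fix this first,
# since no IAM permission profile will allow SSO login without it
show full-configuration system global | grep forticloud-sso
```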

sso_enable.png

sso_login1.png

If the new IAM user is unable to log in to the FortiGate and sees an error similar to the one below, the likely cause is that the IAM user account does not have valid permissions to access the FortiGate.

sso_login2.png

To allow login access to the FortiGate using the IAM user account:

forticloud1.png

  1. Log in to the Fortinet Support portal and go to Services -> IAM.

  2. Select Permission Profiles.

  3. Create a new permission profile (Note: the default sysadmin permission profile does not have FortiGate Cloud portal enabled).

forticloud2.png

  4. Select Add Portal.

  5. Select portals as required. To access on-premises FortiGates, the FortiOS SSO and Managed FortiGate portals must both be added to allow FortiCloud SSO access for administrators.

fortilcoud7.png

  6. Enable access on both portals and select the Access Type as required.

fortilcoud4.png

  7. Assign this Permission Profile to the new IAM user.

  8. Ensure the status of the IAM user is Active.

  9. Log in to the support portal with the new IAM user account to verify access.

Screenshot 2024-10-18 150403.png

  10. Log in to the FortiGate using the IAM user account.

After assigning the necessary Permission Profile to the IAM user account, a successful login to the FortiGate will show the following:

sso_login3.png

Note:

If the configuration is the same as described in this article and the FortiCloud SSO user account still shows as unauthorized, review whether the device license is set to 'Pay as you go'. At this time, 'Pay as you go' is not supported by FortiCloud SSO login.