FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
Hawada1
Staff & Editor
Article Id 427177
Description This article describes the steps needed for a successful FortiNAC-F integration with Google Cloud for captive portal authentication.
Scope FortiNAC-F
Solution
  1. Configure the Portal on FortiNAC. The Top-Level Domain (TLD) should be '.com' or '.org'; otherwise, Google will not accept it.


  2. Log in to the Google developer console.
  3. Create a Project.

 


  4. Select 'API and Services' -> 'OAuth consent screen' and select 'Create OAuth Client'.


  5. Now create a new 'Application Type' and, from the drop-down list, select 'Web Application'.
  • Give it any name.
  • For 'Authorized JavaScript origins', enter the FortiNAC URL: 'https://<fortinaclab.halab.com>'
  • For 'Authorized redirect URIs', the value depends on the FortiNAC configuration:

    Standard User Login: https://<fortiNAC_FQDN>/registration/ValidUserLogin.jsp

    Custom Login: https://<fortiNAC_FQDN>/registration/CustomLogin.jsp

    Game Console Registration Login: https://<fortiNAC_FQDN>/registration/GameRegister.jsp

  • After completing the configuration, a Client ID and Client Secret will be automatically generated. Copy those keys and add them to FortiNAC under Portal Configuration -> Edit Portal -> Configuration -> Global -> Settings.
  • For 'Custom Login Type', select Social.
  • Enter the Google Client ID and Google Client Secret.

 


  6. If Google API is not enabled, the notification below will be prompted upon authentication. Copy the URL and enter it in the browser to enable Google People API. Go to APIs and services -> API Library, look for Google People API, then enable it.

 


  7. Configure the Server API Keys.
    • Select 'Create credentials', and then select 'API key' from the menu.
    • Optional: To bind the API key to a service account, select the 'Authenticate API calls through a service account' checkbox and then select 'Select a service account' to choose the service account created.
    • Add API key restrictions (Check API Restriction).
    • The IP should be the FortiNAC public IP, that is, the address to which the local FortiNAC traffic is NATed when going external. To get this IP, run the following:

 

    execute enter-shell
    dig +short myip.opendns.com @resolver1.opendns.com

 

    • Select 'Create'. The 'API key created' dialog displays the string for the newly created key.


  8. Configure the FortiNAC Service Connector:
    • Enter the Client ID previously generated.
    • Make sure to enter the Authenticated Domain (example: gmail.com); otherwise, the authentication will fail.
    • To get the Project Number, go to Cloud overview -> Dashboard.

 

Google Project number

 

Fill in the API key previously created in step 7.

 

FortiNAC Service Connector

 

  9. To remove 'Person Visiting', uncheck the Address field, create a Role, and assign it to authenticated users.



  10. Testing:

 

User authenticated
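
A pre-flight check for the values typed into the Google OAuth client (the 'Authorized JavaScript origins' and 'Authorized redirect URIs' fields) and for the portal TLD requirement, written as an added example that is not part of the original article or of any Fortinet tooling. The hostname nac.example.com, the login-type keys and all function names are assumptions made for illustration, and the portal is assumed to be served on the default HTTPS port.

```python
from urllib.parse import urlsplit

# Login pages listed in the article, keyed by a hypothetical login-type name.
LOGIN_PAGES = {
    "standard": "/registration/ValidUserLogin.jsp",
    "custom": "/registration/CustomLogin.jsp",
    "game_console": "/registration/GameRegister.jsp",
}
ALLOWED_TLDS = {"com", "org"}  # the article's TLD requirement


def check_fqdn(fqdn):
    """Return a list of problems with the portal FQDN (empty list = OK)."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return ["not a fully qualified domain name"]
    if labels[-1] not in ALLOWED_TLDS:
        return [f"TLD '.{labels[-1]}' is not .com or .org"]
    return []


def expected_values(fqdn, login_type):
    """Build the origin and redirect URI to enter in the Google console."""
    origin = f"https://{fqdn.lower().rstrip('.')}"
    return origin, origin + LOGIN_PAGES[login_type]


def check_entered(fqdn, login_type, origin, redirect_uri):
    """Compare what was typed into the console with the expected values."""
    problems = check_fqdn(fqdn)
    want_origin, want_redirect = expected_values(fqdn, login_type)
    o = urlsplit(origin)
    if o.scheme != "https" or not o.netloc:
        problems.append("origin must be an https:// URL")
    elif o.path or o.query or o.fragment:
        problems.append("origin must not carry a path, query or fragment")
    elif origin != want_origin:
        problems.append(f"origin should be {want_origin}")
    # Assumption: redirect URIs are matched character for character.
    if redirect_uri != want_redirect:
        problems.append(f"redirect URI should be {want_redirect}")
    return problems


if __name__ == "__main__":
    # Constructed sample: hostname is a placeholder, the URI has a typo.
    for p in check_entered("nac.example.com", "custom", "https://nac.example.com",
                           "https:/ nac.example.com/registration/CustomLogin.jsp"):
        print("FIX:", p)
```

An empty list from `check_entered` means the typed values agree with the FQDN and login type configured on the portal.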