In v6.0.x, if an organization's user logs into the system using remote authentication (SAML, FortiAuthenticator, RADIUS) without any site attribute specified, the user is automatically granted access to all sites belonging to the same organization where the user is assigned. This behavior stayed the same until FortiPortal v7.0.7.

Starting from v7.0.8 this behavior has changed. If no site attribute is present in the remote response or the value of the site attribute is empty in the remote response, the user is allowed to log in to FortiPortal, but the user cannot see any sites and any devices.

The debug logs will show that all_sites_access attribute is set to false.

2025-03-29 06:21:15,529 [fortiportal.systems.authentication.backend:backend.py:362 assign_customer_site()] - INFO - site attribute name is not configured or site attribute is not found. site attribute name: FPC_Site, all sites access: False

A new attribute 'remote-org-user-all-sites-access' has been introduced in v7.0.8 with the default value of disable. If providing access to all sites is required, enable remote-org-user-all-sites-access from CLI, which will allow access to all sites even if the blank value is passed in the site attribute (or the site attribute not passed at all).

config system admin setting
    set remote-org-user-all-sites-access enable
end

The debug logs will now show that all site's access attributes are True even if the site attribute is not present in the response:

2025-03-29 05:51:33,730 [fortiportal.systems.authentication.backend:backend.py:362 assign_customer_site()] - INFO - site attribute name is not configured or site attribute is not found. site attribute name: FPC_Site, all sites access: True