FortiPortal
FortiPortal provides a comprehensive set of security management and analytics within a multi-tenant, multi-tier management framework.
bksol92
Staff
Article Id 362830
Description This article describes how to allow Identity Provider (IdP)-initiated SSO in FortiPortal.
Scope FortiPortal/FortiAuthenticator.
Solution

FortiPortal supports two types of SAML SSO: Service Provider (SP)-initiated SSO and Identity Provider (IdP)-initiated SSO.

In SP-initiated SSO, the user enters their username on FortiPortal's login page, selects 'Login with Single Sign-On', and is redirected to the Identity Provider's login page to enter their credentials. Once authenticated, the user is redirected back to the authorized organization's page in FortiPortal:

fpc-sso-7.4.1.gif

In IdP-initiated SSO, the user is given the URL of the IdP's SSO portal and enters their credentials there. Once authenticated, the user selects FortiPortal on FortiAuthenticator's portal page and is redirected to their organization's page in FortiPortal:

fpc-idp-sso.gif

The following settings should be configured to allow IdP-initiated SSO on FortiPortal:

  • On FortiPortal, 'Support IdP-Initiated SSO' should be enabled:

edit-sso.PNG

  • On FortiAuthenticator, edit FortiPortal's Service Provider entry to enable 'Support IdP-initiated assertion response':

support-idp.PNG
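
The two flows described above differ on the wire in one attribute: a response to an SP-initiated login carries `InResponseTo` (the ID of the AuthnRequest), while an IdP-initiated (unsolicited) response has none. The following is an added example, not FortiPortal or FortiAuthenticator code; it shows generic SAML 2.0 handling, and the entity ID, request IDs and sample response are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.test/metadata"  # constructed value


def sample_response(in_response_to=None):
    """Build a constructed, unsigned SAML Response for the demo."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
        f' ID="_r1" Version="2.0"{irt}><saml:Assertion ID="_a1" Version="2.0">'
        '<saml:Subject><saml:SubjectConfirmation'
        ' Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData NotOnOrAfter="2030-01-01T00:05:00Z"{irt}/>'
        '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
        f'<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
        '</samlp:Response>')


def classify_response(xml_text, pending_ids, allow_idp_initiated, now):
    """Return (flow, problems). Assumes the signature was verified already."""
    root = ET.fromstring(xml_text)
    problems = []
    irt = root.get("InResponseTo")
    if irt is None:
        # No AuthnRequest preceded this response: IdP-initiated (unsolicited).
        flow = "idp-initiated"
        if not allow_idp_initiated:
            problems.append("unsolicited response, IdP-initiated SSO disabled")
    else:
        flow = "sp-initiated"
        if irt not in pending_ids:
            problems.append("InResponseTo matches no pending AuthnRequest")
    # With no request ID to bind to, audience and expiry carry the checks.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        problems.append("audience mismatch")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    expiry = scd.get("NotOnOrAfter") if scd is not None else None
    if expiry is None:
        problems.append("missing NotOnOrAfter")
    elif now >= datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc):
        problems.append("assertion expired")
    return flow, problems
```

With the IdP-initiated option disabled, an SP following this logic rejects any response that lacks `InResponseTo`; enabling it means such responses are accepted, so the audience and validity-window checks are what remain to bind the assertion to this SP.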