Description | This article describes how to configure SAML SSO login for administrators using the FortiGate as SAML-Idp. |
Scope | FortiWeb and FortiGate. |
Solution |
In this example, the FortiGate must be configured as the Fabric Root and the FortiWeb must join its Security Fabric. SAML Single Sign-On must be enabled and configured on the FortiGate.
- On FortiWeb, go to Security Fabric -> Fabric Connectors and configure the connector:
Upstream IP: the IP address of the Fabric Root FortiGate.
Default means that once the Fabric connection with the FortiGate is established, Single Sign-On mode is enabled automatically and the FortiGate synchronizes its SAML Single Sign-On settings to the FortiWeb.
Local means that once the Fabric connection with the FortiGate is established, Single Sign-On mode must be enabled manually and the SAML Single Sign-On settings must be configured manually on the FortiWeb.
Management IP: the FortiWeb's management IP. This must match the HTTPS setting under System -> Admin -> Settings on FortiWeb.
- After setting up the Fabric Connector on FortiWeb, authorize the FortiWeb on the FortiGate. Confirm that the FortiWeb is authorized, then go to Security Fabric -> Fabric Connectors -> Security Fabric Setup and verify that Single Sign-On is enabled and configured properly.
- A few minutes later, the FortiWeb's status should be Authorized, and the Single Sign-On settings are synced from the FortiGate.
- With Single Sign-On Mode enabled, selecting Single Sign-On on FortiWeb's login page redirects the user to the FortiGate's Single Sign-On provider page, where login with a FortiGate administrator account is required.
- After the first login, the account is created automatically on FortiWeb. Go to System -> Admin -> Administrators: the account appears in the SSO Admin table, where the profile assigned to it can be viewed.
Troubleshooting commands:
# diagnose debug application samld 7
Disable the debug after attempting the Single Sign-On login:
# diagnose debug disable
Related documents: |
Copyright 2024 Fortinet, Inc. All Rights Reserved.