Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ronald
New Contributor

Guest Social Login with Administrator Approval

Hi,

 

  Does anyone know if I can user social login guest registration along with administration approval? I mean, the guest user register itself using social login (FB, Linkedin, etc) then some administrators receives an email to allow the user to navigate ?

  I am using a FortiAuthenticator v4.00-build0019-20151007-patch00.

 

  PS: I have "Require administrator approval" on Self-service portal -> self-registration ENABLED but only works in the regular form.

 

Thanks in advanced.

 

Ronald

1 Solution
Carl_Windsor_FTNT

This sounds like a perfect use case for the self registration portal.  This would be the workflow:

[ul]
  • User connects to wireless network (open access) and browses to internet
  • User hits the FGT which is configured to block the user with the standard firewall block page but you edit it with instructions to "Click here to register" which points to the FAC self reg page https://<FAC_IP>/auth/register
  • User registers, creating their own login but if "Require administrator approval" is set, and email will be sent to the chosen admins to approve before the user can log in.[/ul]

    One other common usage scenario is to pre-create a list of time limited user accounts and print the list out for distribution to users (as often happens in hotels).  There are some major changes planned in the 5.0 release around this guest management area.

  • Dr. Carl Windsor Field Chief Technology Officer Fortinet

    View solution in original post

    8 REPLIES 8
    Carl_Windsor_FTNT

    I already replied to this question posed via the techdocs alias but will add it here for others.

     

    The purpose of the Social Authentication is simple guest wireless access e.g. in a public space, coffee shop etc.  In this case there is requirement to provide free open access but at the same time a legal necessity to know who is using the network.  

    The Admin Approval feature is for the self-registration portal which is not connected to the Social Auth feature therefore it is not possible to achieve your goal.

     

    I am curious as to your use case though as we are making major changes in the Guest Managemnt side in future releases and it would be good to see if they would meet your needs.  Why would you need the administrator to approve the Social access and why not use the self-reg portal using e.g. email or SMS instead.

    Dr. Carl Windsor Field Chief Technology Officer Fortinet

    Ronald

    Hi Carl,

     

    First of all, thank you very much for the answer. I had tried to find this information at Fortinet website but I couldn't. I even read the "FortiAuthenticator - Administration Guide" but there it wasn't clear. I really apreciate if you could provide me the link for your metioned previous post, so it will be ore more place to look next time :)

    I got your point and I will try to explain our need. We are a WebStore company and we have some offices where we regularly have partners or suppliers coming and go. The drive of our IT staff is offer GUEST access in a "easy way" without be necessary to fill forms. We thought Social Login it was very nice way.

     

    On the flip side I can't let this access open to anyone for security reasons. We have another buildings/companys very close (neighbors) or even someone in the street or at Cultural Center, across the street could discover the SSID and use it without our concern, even for short time. I also want to avoid any of our own employees from use this network.

     

    One more question, this e-mail or sms, you mean, inside Social Portal/social_login context ? Or are you talking about the regular form Credentials Portal/caplogin ? I am saying both under Captive Portal.

     

    Thank you, again.

     

    Sincerely,

     

    Ronald

    Carl_Windsor_FTNT

    This sounds like a perfect use case for the self registration portal.  This would be the workflow:

    [ul]
  • User connects to wireless network (open access) and browses to internet
  • User hits the FGT which is configured to block the user with the standard firewall block page but you edit it with instructions to "Click here to register" which points to the FAC self reg page https://<FAC_IP>/auth/register
  • User registers, creating their own login but if "Require administrator approval" is set, and email will be sent to the chosen admins to approve before the user can log in.[/ul]

    One other common usage scenario is to pre-create a list of time limited user accounts and print the list out for distribution to users (as often happens in hotels).  There are some major changes planned in the 5.0 release around this guest management area.

  • Dr. Carl Windsor Field Chief Technology Officer Fortinet

    Ronald

    Great,

     

      I will implement it on this way.

      I look forward for next releases :)

     

    Thank you Carl

    eshaq786

    Can someone provide more details around this implementation? I am looking to do the same where guest accounts are approved by admins before logging on.

    Carl_Windsor_FTNT

    Take a look at this guide here.  It is a little old now but should still be relevent enough to get you started.

    Dr. Carl Windsor Field Chief Technology Officer Fortinet

    eshaq786

    Thanks Carl.

     

    There does seem to be a big difference in the versions. I am not sure how to proceed.

     

    Do i redirect the guest SSID to the FAC or to somewhere else?

    eshaq786

    How do i setup the SSID to authenticate against the self registered accounts?

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors