hm

I found https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/981270/creating-security-policies-for-di...

This says if you set a policy to require a specific user or usergroup the FGT will prompt you with a login screen once you match that policy. This should work for guest wifi too.

Thus there is no user registration that can be used by users. This will require an admin to create the user and add to groups if required.

So might not be a full guest wifi portal as you know it but maye it meets your requirements?

Maybe I just misunderstood that ..  "where a user needs to enter their name and password. As the Admin, I would then be able to approve or deny their access to the guest wifi".

I thought that idea is that the guest users will apply/enroll themselves somehow and admin later then approve their ability to log into the guest wifi.

Sure you can, as admin, or guest manager/sponsor, create bunch of guest accounts in advance and then distribute those. Like hotel receptionist giving you temporary access while you stay in. In this case you can make those users into guest groups on FGT or your back end auth server (LDAP/RADIUS/TACACS+/Kerberos) and use either captive portal on interface or group in policy which will then spring the auth according to settings when needed. But that seemed to me a bit too much pre-fabricated, as you are basically granting access to those users in advance, not when they enroll .. "enter their name and password".

well yes. But that's the only thing FortiOS supports. If you need users to enroll themselfes you might have to use an external solution then.

yes, that's what I tried to depict in my first update.