Before an application can be created, a logon procedure must be created first.
In the Admin Console, in the side panel, select "Authentication | Logon Procedure"
Click the "CREATE" button on the toolbar
In the "Name" field, enter a name for this new logon procedure, e.g. "Office 365"
In the "Type" field, select the type of the logon procedure from the drop list, e.g. "Web SSO"
Click the "SAVE" button to save it.
Now that a new logon procedure is created, you want to add logon steps.
To add logon steps to a logon procedure or to change logon steps, firstly navigate to the logon procedure.
Navigate to Authentication | Logon Procedures
Click the context menu icon "..." of the application to be edited, e.g. "Office 365"
select "Logon Steps" to bring up the logon steps editor
To add a logon step, click the "ADD" button
Select the one or multiple authentication methods that you want to add to this step, e.g. "One-Time Password"
Click the "SAVE" button to save it
You can change the order of the steps by clicking the "UP" and "DOWN" buttons.
The type of logon procedure for SAML integration must be Web SSO.
Once a logon procedure has been created, you need to add logon steps into the newly created logon procedure. Typically, you would create a two logon steps, as the example below.
Of course, you can create as many steps as you like.
Create Web SSO application
In DualShield, an application does not have a type. Therefore, creating an application for any integration is the same.
In the Admin Console, in the side panel, select "Authentication | Applications"
Select "CREATE" on the toolbar
Select the Realm to be linked to this application, e.g. Deep.Net
Select the Logon Procedure to be used by this application, e.g.. Office 365
Click "SAVE" to save the application.
However, you must select a Logon Procedure that is of the type of Web SSO. In the example below, "Salesforce (SAML)" is a Web SSO logon procedure.
Publish Web SSO application
Generally, an application has to be published before it can be accessible by users.
To publish an application on an authentication agent, first navigate to the application list by selecting "Authentication | Applications" in the side panel
Click the context menu icon "..." of the application, e.g. "Office 365" to access its context menu
select "Agents" in the context menu
select the authentication agent on which the application is to be published, e.g. "Single-Sign-on Server"
Click "SAVE" button to save the settings
A Web SSO application has to be published on one or many Single Sign-On (SSO) servers.
You might see two SSO servers in your DualShield platform, one called "SSO Server" and the other called "Single Sign-on Server". The so-called "SSO Server" is the legacy SSO server in DualShield 5 and the "Single Sign-on Server" is the new SSO server in DualShield 6.
Follow the steps below to build up an application for FortiGate