
Here we assume you have already set the appropriate Fabric Connector configurations. This guide only explains how to configure the SP and IdP settings.

Log in to the root FortiGate.


Go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.


In the Fabric Connector Edit screen, scroll down to SAML Single Sign-On and click Advanced Options.

In the SAML SSO window, specify the SP address. This is the URL or IP address of the Fortinet UI you wish to log on to.


Expand SP details.

 

Log back in to the DualShield Admin Console.

Go to SSO > Service Providers.

Click on  on the top right.

Fill in the details as per the screenshot on the right and make sure you select SAML 2.0 (Without Metadata) as the Type.

Copy and paste the Entity ID, ACS and Logout URL from the SP details on the Fortinet UI (see above).

Click on Attributes at the top.

Click Create.

Use the following values:

Option      Value
Location    HTTP Body
Name        username
Format      unspecified
Maps To     userPrincipleName

Click Save.

Click on General Settings at the top.

Set NameID Format to "Map to the following Attribute".

Select Username in the Attribute drop-down.

The completed Service Provider dialogue box will look like this:



Click Save.

Go to SSO > SSO Servers.

Select the drop-down menu corresponding to the SSO server you will be using and click View.

Click on Display Metadata at the bottom.

Search through the metadata for the Entity ID, Single Sign-On URL and Single Logout URL.

Go back to the Fortinet UI, to IdP Settings. Set the IdP type to Custom.

Select the Remote Certificate you uploaded earlier (refer to Import IdP Certificate onto Fortinet).

Copy the Entity ID, Single Sign-On URL and Single Logout URL from the IdP metadata on DualShield and paste them into the corresponding fields under IdP Settings on Fortinet.


Click OK.
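Searching the displayed metadata by eye for the three IdP fields is error-prone, and a wrong Single Logout URL or a missing signing certificate only shows up at the first login attempt. The script below is an added example, not part of this guide or of DualShield or Fortinet; it parses standard SAML 2.0 IdP metadata, pulls out the Entity ID, Single Sign-On URL, Single Logout URL and signing certificate, and runs a few sanity checks before you paste the values into IdP Settings. The embedded metadata is a constructed sample with placeholder host names and certificate, and the preference for the HTTP-Redirect binding when several are listed is an assumption of this example.

```python
"""Extract the IdP Settings fields from SAML 2.0 IdP metadata and sanity-check them.

Added example: the metadata below is constructed, not copied from a real
DualShield server, and the host names and certificate are placeholders.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample of what an IdP "Display Metadata" view returns.
SAMPLE_IDP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://dualshield.example.com/dualshield/sso/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER-CERT...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://dualshield.example.com/dualshield/sso/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://dualshield.example.com/dualshield/sso/login"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://dualshield.example.com/dualshield/sso/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _location(idp, tag, preferred_binding):
    """Location of the first <tag> element with the preferred binding, else of any <tag>."""
    services = idp.findall(f"md:{tag}", NS)
    for svc in services:
        if svc.get("Binding") == preferred_binding:
            return svc.get("Location")
    return services[0].get("Location") if services else None


def extract_idp_settings(metadata_xml):
    """Return the three IdP Settings fields plus the base64 signing certificate."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata, not IdP metadata")
    cert = idp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "single_sign_on_url": _location(idp, "SingleSignOnService", REDIRECT),
        "single_logout_url": _location(idp, "SingleLogoutService", REDIRECT),
        "signing_certificate": cert.text.strip() if cert is not None and cert.text else None,
    }


def check_idp_settings(settings):
    """Problems to fix before pasting: missing fields, non-HTTPS endpoints, no signing cert."""
    problems = []
    for key in ("entity_id", "single_sign_on_url", "single_logout_url"):
        if not settings.get(key):
            problems.append(f"{key} missing from metadata")
    for key in ("single_sign_on_url", "single_logout_url"):
        url = settings.get(key)
        if url and urlparse(url).scheme != "https":
            problems.append(f"{key} is not https: {url}")
    if not settings.get("signing_certificate"):
        problems.append("no signing certificate in metadata; assertions cannot be verified")
    return problems


if __name__ == "__main__":
    found = extract_idp_settings(SAMPLE_IDP_METADATA)
    for name, value in found.items():
        print(f"{name}: {value}")
    for problem in check_idp_settings(found):
        print("WARNING:", problem)
```

Paste the real metadata into SAMPLE_IDP_METADATA (or read it from a file) and compare the printed certificate with the one you imported under Import IdP Certificate onto Fortinet; a mismatch there is the usual reason a correctly typed configuration still rejects logins.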

