Log back in to the DualShield Admin Console


Go to SSO>Service Providers





Click on  on the top right.



Fill in the details as per screenshot on right and make sure you select SAML 2.0(Without Metadata) as Type.








Copy and Paste the Entity ID, ACS and Logout URL  from the SP details on the Fortinet UI (see above)








Click on Attributes at the top








Click Create

Use the following Values:

OptionValue
Location HTTP Body
Nameusername
Formatunspecified
Maps TouserPrincipleName


Click Save







Click on General Settings at the top








Set NameID Format to Map to the following Attribute

Select Username in the Attribute dropdown








The completed Service Provider dialogue box will look like this:



Click Save








Go to SSO>SSO Servers








Select the drop-down menu corresponding to the SSO server you will be using and click on View







Click on Display Metadata at the bottom








Search through the metadata for the Entity ID, Single Sign-On URL and Single Logout URL








Go back to the Fortinet Ui to IdP Settings.  Set the IdP type to Custom.

Select the Remote Certificate you uploaded earlier (Refer to Import IdP Certificate into FortiGate)

Copy and out Entity ID, Single Sign-On URL and Single Logout URL from the IdP metadata on Dualshield and past them into the corresponding fields under IdP Settings on Fortinet


Click OK