# Fortinet services

### 1. Configuring SAML for FortiGate

#### Step 1

Go to System > Certificate:

* Click “create/import” button
* Add certificate

#### Step 2

Go to User & Authentication > Single-Sign-On:

* Click “Create New” button
* Type name and click next

![](https://lh6.googleusercontent.com/HKvNe3j3u5xbnRplp2gublxvwfbKN0IG40vpBe4a4y2sdITW7WgngcV6E81q79hgPtjeLdLZXOj-tr3el-gPTd2M4zJTaKK-Et7-xqhHjAkU7EP1ERx0U-u0rMXvabDcE9NFW6tdLaCzj4sZA8AhukU)

* In Identity Provider Details select type **Custom**
* Entity ID - \<HES address>
* Assertion consumer service URL - \<HES address>/Saml/Login
* Single logout service URL - \<HES address>/Saml/Logout
* Certificate - select imported certificate
* Attribute used to identify users - <http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress>
* Click “Submit” button

![](/files/ole1BnPWIqZrmgn3bdkK)

* Edit created config

![](https://lh3.googleusercontent.com/7_CghTVM6BWQuJmVB5ghMGgv7nMzui8scf_tO7_YXnUMTm7uYjqWxOLk9GpjFc4SJ7Dcqv2T3TaXZ8f1B17yRlvplvIGT3UkFb_XQgCahNl9JKQe4NPArZPICqXuM4j8OtsRXNqNPp_Fb8JyvLeg1vg)

* Click edit in CLI

![](https://lh4.googleusercontent.com/bGiWX4WmkCciBtvqrJc4co3KH3tdmlJQA3p1wSSmu6PQWkGYpUo-YZlR3pXTaqjbeUQo56_X0E4nu9qc3BJVJ5U2NIj5HVwIbh80M9qE361Sg5TBTS9T2PDI-LZ_0LbllkJVKt3o7Fk0oU7NLaP7FFA)

* In CLI Console type commands:
  * `set sp-single-sign-on-url "https://fortigate.hideez.com/remote/saml/login"`
  * `set sp-single-logout-url "https://fortigate.hideez.com/remote/saml/logout"`
* Close CLI Console

#### Step 3

Go to User & Authentication > User Groups:

* Add user to SSO group

#### Step 4

Timeout configuration:

* Run CLI Console
* Type commands:

```
config system global
   set remoteauthtimeout 180
end
config vpn ssl settings
   set login-timeout 180
end
```

#### Step 5

Configure firewall.

For configuring SAML, refer to the following guide - <https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/736845/saml>

For configuring SAML SSO in the GUI, refer to this guide - <https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/989067/configuring-saml-sso-in-the-gui>

### **Setting HES**

1. Go to Settings -> Parameters -> SAML section
2. Click **Add Service Provider** button
   * Issuer - **Entity ID** from FortiMail
   * Assertion Consumer Service - **ACS URL** from FortiMail
   * Public x509 Certificate - **Certificate** from FortiMail
   * NameID Format - **Email**
   * NameID Value - **Email**

### 2. Configuring SAML for FortiMail

#### Setting FortiMail <a href="#setting-fortimail" id="setting-fortimail"></a>

Go to System -> Customization -> Single Sign On:

* Toggle “Enabled” switch to on
* Toggle “Webmail” switch to on
* Insert IdP (HES) metadata as text or file in **Identity Provider (IDP) Metadata** section
* Click Apply
* Download SP (FortiMail) metadata

![](https://lh6.googleusercontent.com/AvHCNK69t_d3pWsXUjuBDKnHafH_a7xb6Dg3P8JlOOcZyC3aBUL38s6v5FBFRPfnZ550e1-mHJ_9IOIrLc6-w29gVJKLTGo9o49Vl9arh5wxl4jSWKUXK_wuXa-7hxPLWgZJ1wMTvvsjeTj6keOOrL0)

#### Setting HES <a href="#setting-hes" id="setting-hes"></a>

Go to Settings -> Parameters -> SAML section:

* Click Add Service Provider button:
  * Issuer - **Entity ID** from FortiMail
  * Assertion Consumer Service - **ACS URL** from FortiMail
  * Public x509 Certificate - **Certificate** from FortiMail
  * NameID Format - **Email**
  * NameID Value - **Email**
* Add Assertion Attributes:
  * SAML Attribute - **urn:oid:0.9.2342.19200300.100.1.3**
  * User Attribute - **Email**

![](https://lh3.googleusercontent.com/mbKpiNQaLomNvuqWGdkz5lr-3_RvUJ2F1IJB3b884GNUj1vgcsID2QTKt_wLKrhHxer3woMsH3Az_nx1Z90-P92fF1dDeKI4Cint909k-fNAUQVbOrAwU6b93FeKC50bXpHI-H-bqnTRUFZ7zS7rnt8)
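
The SP metadata downloaded from FortiMail carries the Issuer, Assertion Consumer Service and certificate values that HES asks for. The script below is an added example, not part of the Hideez or Fortinet documentation: it extracts those values, rejects a non-HTTPS ACS URL, and computes a SHA-256 fingerprint of the certificate for out-of-band comparison. The function name is hypothetical, and the host name, paths and certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # parse only metadata from your own appliance

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: host, paths and certificate bytes are placeholders.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://fortimail.example.com/placeholder/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Binding="{POST_BINDING}"
        Location="https://fortimail.example.com/placeholder/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def hes_service_provider_fields(metadata_xml):
    """Return the values for the HES 'Add Service Provider' form."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or sp is None:
        raise ValueError("not SAML SP metadata")
    acs = [e for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService")
    # Prefer the endpoint marked isDefault, otherwise the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    acs_url = acs[0].get("Location", "")
    if not acs_url.startswith("https://"):
        raise ValueError(f"ACS URL is not HTTPS: {acs_url!r}")
    cert = sp.find(".//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no X509Certificate in SP metadata")
    cert_b64 = "".join(cert.text.split())  # drop line wrapping
    der = base64.b64decode(cert_b64, validate=True)
    return {"issuer": root.get("entityID"),
            "acs_url": acs_url,
            "certificate": cert_b64,
            "sha256": hashlib.sha256(der).hexdigest()}


if __name__ == "__main__":
    for field, value in hes_service_provider_fields(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

Compare the printed fingerprint with the one shown for the same certificate on the FortiMail side before saving the Service Provider entry in HES.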


