Configuring SAML for FortiGate
FortiGate setup
Step 1
Go to System > Certificate:
Click the "Create/Import" button
Import the HES identity provider certificate (the certificate HES uses to sign SAML assertions); it will be selected as the IdP certificate in Step 2
Step 2
Go to User & Authentication > Single-Sign-On:
Click the "Create New" button
Type a name and click Next
In Identity Provider Details select type Custom
Entity ID - <HES address>
Assertion consumer service URL - <HES address>/Saml/Login
Single logout service URL - <HES address>/Saml/Logout
Certificate - select the certificate imported in Step 1
Attribute used to identify users - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Click the "Submit" button
Edit the created configuration
Click "Edit in CLI"
In the CLI console set the FortiGate's own (service provider) sign-on and logout URLs. fortigate.hideez.com is the example hostname used here; replace it with the public hostname of your FortiGate. These values must match the ACS URL registered on HES exactly:
set single-sign-on-url "https://fortigate.hideez.com/remote/saml/login"
set single-logout-url "https://fortigate.hideez.com/remote/saml/logout"
Close the CLI console
Step 3
Go to User & Authentication > User Groups:
Add the SAML server to an SSO user group (the group is what you later reference in the firewall policy)
Step 4
Timeout configuration:
Run CLI Console
Type command:
Step 5
Configure firewall.
For configuring SAML in the CLI refer to the following Fortinet guide - https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/736845/saml
For configuring SAML SSO in the GUI refer to this Fortinet guide - https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/989067/configuring-saml-sso-in-the-gui
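The following is an added example that collects Steps 1 to 3 above into one FortiOS CLI configuration; it is not taken from the original guide or from Fortinet. The object names ("hes-saml", "sso-users", "HES_IdP_Cert"), the FortiGate certificate name "Fortinet_Factory" and the HES hostname hes.example.com are assumptions; fortigate.hideez.com is the example FortiGate hostname from the guide.

```text
config user saml
    edit "hes-saml"
        # FortiGate's own certificate, used to sign requests it sends to HES (assumed name)
        set cert "Fortinet_Factory"
        # Service provider (FortiGate) side: HES must hold exactly these values as Issuer and ACS URL
        set entity-id "https://fortigate.hideez.com/remote/saml/metadata/"
        set single-sign-on-url "https://fortigate.hideez.com/remote/saml/login"
        set single-logout-url "https://fortigate.hideez.com/remote/saml/logout"
        # Identity provider (HES) side, the values entered in Step 2 (hostname assumed)
        set idp-entity-id "https://hes.example.com"
        set idp-single-sign-on-url "https://hes.example.com/Saml/Login"
        set idp-single-logout-url "https://hes.example.com/Saml/Logout"
        # Remote certificate imported in Step 1: only assertions signed by this certificate are accepted
        set idp-cert "HES_IdP_Cert"
        # Assertion claim the FortiGate reads as the user name
        set user-name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
    next
end

config user group
    edit "sso-users"
        set member "hes-saml"
    next
end
```

After entering it, `show user saml` prints the resulting configuration so the SP and IdP URLs can be compared character for character with the HES service provider entry; a mismatch in the entity ID or ACS URL is the usual cause of a rejected assertion. Keep `idp-cert` pointed at the HES signing certificate only, so that an assertion signed with any other key is refused rather than trusted.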
HES setup
Go to Settings -> Parameters -> SAML section
Click the "Add Service Provider" button
Issuer - the Entity ID of the FortiGate service provider
Assertion Consumer Service - the ACS URL of the FortiGate (the single-sign-on URL set in Step 2)
Public x509 Certificate - the certificate from the FortiGate
NameID Format - Email
NameID Value - Email