Configuring SAML for FortiMail

Setting FortiMail

Go to System -> Customization -> Single Sign On:

  • Toggle “Enabled” switch to on

  • Toggle “Webmail” switch to on

  • Paste the IdP (HES) metadata as text, or upload it as a file, in the Identity Provider (IDP) Metadata section

  • Click Apply

  • Download the SP (FortiMail) metadata

Setting HES

Go to Settings -> Parameters -> SAML section:

  • Click the Add Service Provider button and fill in:

    • Issuer - Entity ID from FortiMail

    • Assertion Consumer Service - ACS URL from FortiMail

    • Public x509 Certificate - Certificate from FortiMail

    • NameID Format - Email

    • NameID Value - Email

  • Add Assertion Attributes:

    • SAML Attribute - urn:oid:0.9.2342.19200300.100.1.3

    • User Attribute - Email