End of Year Sale. Upto 25% off on miniOrange Solutions - IAM | PAM | CIAM.
  Login  
Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support
success

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Fortinet (Fortigate) Single Sign-On (FSSO)

Fortinet Single Sign-On (FSSO) solution by miniOrange provides you with secure Single Sign-On access to multiple On-Premise and Cloud Applications using a single set of login credentials. With miniorange’s Identity Provider (IDP) service you can use SSO to login to multiple applications using a single Fortinet username and password. Looking at another way, if your users are in any third-party Identity Providers (Azure Active Directory, Okta, Auth0) and you want your users to log into Fortinet (Fortigate) using existing IDP credentials, you can easily allow them to use SSO to login securely.


miniOrange and Fortinet Single Sign-On (FSSO) integration supports the following features:

  • SP Initiated Single Sign-On (SSO)
  • IdP Initiated Single Sign-On (SSO)

Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, OpenLDAP, AWS etc), Identity Providers (like Microsoft Entra ID, Okta, AWS), and many more. You can configure your existing directory/user store or add users in miniOrange.



Follow the Step-by-Step Guide given below for Fortigate Single Sign-On (FSSO)

1. Configure Fortinet in miniOrange

  • Login into miniOrange Admin Console.
  • Go to Apps and click on Add Application button.
    • Fortinet Single Sign-On (SSO) add app

  • In Choose Application, select SAML/WS-FED from the application type dropdown.
    • Fortinet Single Sign-On (SSO) choose app type

  • Search for Fortinet in the list, if you don't find Fortinet in the list then, search for custom and you can set up your application in Custom SAML App.
    • Fortinet Single Sign-On (SSO) manage apps

  • For entering the metadata, you need to get the IP address where your Fortigate SSL VPN is listening on.
  • Enter the following values in the respective fields.
    SP Entity ID or Issuer: https://fortigate-ip:port/saml/metadata
    ACS URL: https://fortigate-ip:port/saml/login
    • Fortinet Single Sign-On (FSSO): Select Metadata

  • Click Next, now in the Attribute Mapping configure the following attributes as shown in the image below.
    Name ID: E-mail Address
    NameID format: urn:oasis:names:tc:SAML:2.0:nameid‑format:emailaddress
    • fortiget Single Sign-On: Add Attribute

  • To upload respective app logo for a Custom SAML App, click on Upload Logo tab.
    • Fortigate Single Sign-On: Update Logo

  • Click on Save.

    • To get miniOrange metadata details in order to configure Fortinet :

  • Go to Apps >> Applications.
  • Search for your app and click on the icon ' ' in Actions menu against your app.
  • Click on Metadata to get metadata details, which will be required later. Click on Show SSO Link to see the IDP initiated SSO link for Fortinet.
    • Go to Metadata link Fortinet SAML SSO

  • On the View IDP Metadata page -

    1. If you want to use miniOrange as User-Store i.e., your user identities will be stored in miniOrange then download the metadata file under the heading 'INFORMATION REQUIRED TO SET MINIORANGE AS IDP'.

    2. If you want to authenticate your users via any external Identity Provider like Active Directory, Okta, OneLogin, Google, Apple ID, etc then download the Metadata file under the heading 'INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS'.
    • Fortinet Single Sign-On (SSO) On Metadata page

  • Then click on Download Metadata.
    • Fortinet Single Sign-On (SSO) Select Metadata details external IDP or miniOrange as IDP

2. Configure SSO in Fortinet Admin Account

  • Login to Fortigate as an admin.
  • Go to Security Fabric -> Settings.
    GUI in version 6.2. Go to User & Device -> SAML SSO
    GUI in version 6.2.3 and above. Go to Security Fabric -> Settings Enable FortiGate Telemetry, choose a Fabric name and an IP for FortiAnalyzer (can be an unused address) Enable SAML Single Sign-On, Click on Advanced Options
    GUI in version 6.4 and above Go to Security Fabric -> Fabric Connectors -> Security Fabric Setup -> Single Sign-On Settings
    • Fortinet Single Sign-On (FSSO): Navigate Security Fabric and select Settings

  • Enable SAML Single Sign-On, Click on Advanced Options.
    • Fortigate Single Sign-On (FSSO): Enable SAML Single Sign-On

    Fortigate Single Sign-On: Click Advanced Options

  • Choose Mode as Service Provider (SP).
    • Fortinet Single Sign-On (FSSO): Choose Mode as Service Provider

  • Fill the details as per the following table.
    IDP Entity ID Entity ID or Issuer in miniOrange
    IDP Single Sign-On URL SAML Login URL in miniOrange metadata
    IDP Single Logout URL SAML Logout URL in miniOrange metadata
  • Click on Apply to save changes.

3. Test SSO Configuration

Test SSO login to your Fortinet account with miniOrange IdP:

    Using SP Initiated Login

    • Go to your Fortinet URL, here you will be either asked to enter the username or click on the SSO link which will redirect you to miniOrange IdP Sign On Page.
      • Fortinet Single Sign-On (SSO) login

    • Enter your miniOrange login credential and click on Login. You will be automatically logged in to your Fortinet account.

    Using IDP Initiated Login

    • Login to miniOrange IdP using your credentials.
      • Fortinet Single Sign-On (SSO)

    • On the Dashboard, click on Fortinet application which you have added, to verify SSO configuration.
      • Fortinet Single Sign-On (SSO) verify configuration


    Not able to configure or test SSO?


    Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.



Frequently Asked Questions


What is Fortinet's Single Sign-On (FSSO)?

Fortinet Single Sign-On (FSSO) is an authentication protocol that enables Fortinet security products like FortiGate to transparently identify and authenticate users by monitoring login events within Active Directory or other supported identity stores.


External References

Want To Schedule A Demo?

Request a Demo
  



Our Other Identity & Access Management Products

Single Sign-On

Seamless login for workforce and customer identity to cloud or on-premise apps

Learn more

Multi-factor Authentication

Secure access for identities with an additional layer of authentication

Learn more

Adaptive Authentication

Block or grant user access based on IP, Device, Time & Location

Learn more

Lifecycle Management

Manage & automate user provisioning and deprovisioning to apps

Learn More