Fortinet (Fortigate) Single Sign-On (FSSO)

Fortinet Single Sign-On (FSSO) solution by miniOrange provides you with secure Single Sign-On access to multiple On-Premise and Cloud Applications using a single set of login credentials. With miniorange’s Identity Provider (IDP) service you can use SSO to login to multiple applications using a single Fortinet username and password. Looking at another way, if your users are in any third-party Identity Providers (Azure Active Directory, Okta, Auth0) and you want your users to log into Fortinet (Fortigate) using existing IDP credentials, you can easily allow them to use SSO to login securely.

miniOrange and Fortinet Single Sign-On (FSSO) integration supports the following features:

SP Initiated Single Sign-On (SSO)
IdP Initiated Single Sign-On (SSO)

Connect with External Source of Users

miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, OpenLDAP, AWS etc), Identity Providers (like Microsoft Entra ID, Okta, AWS), and many more. You can configure your existing directory/user store or add users in miniOrange.

Follow the Step-by-Step Guide given below for Fortigate Single Sign-On (FSSO)

1. Configure Fortinet in miniOrange

Login into miniOrange Admin Console.
Go to Apps and click on Add Application button.

In Choose Application, select SAML/WS-FED from the application type dropdown.

Fortinet Single Sign-On (SSO) choose app type

Search for Fortinet in the list, if you don't find Fortinet in the list then, search for custom and you can set up your application in Custom SAML App.

Fortinet Single Sign-On (SSO) manage apps

For entering the metadata, you need to get the IP address where your Fortigate SSL VPN is listening on.

Enter the following values in the respective fields.

SP Entity ID or Issuer:	https://fortigate-ip:port/saml/metadata
ACS URL:	https://fortigate-ip:port/saml/login

Fortinet Single Sign-On (FSSO): Select Metadata

Click Next, now in the Attribute Mapping configure the following attributes as shown in the image below.

Name ID:	E-mail Address
NameID format:	urn:oasis:names:tc:SAML:2.0:nameid‑format:emailaddress

To upload respective app logo for a Custom SAML App, click on Upload Logo tab.

Click on Save.

To get miniOrange metadata details in order to configure Fortinet :

Go to Apps >> Applications.
Search for your app and click on the icon ' ' in Actions menu against your app.
Click on Metadata to get metadata details, which will be required later. Click on Show SSO Link to see the IDP initiated SSO link for Fortinet.

On the View IDP Metadata page -

1. If you want to use miniOrange as User-Store i.e., your user identities will be stored in miniOrange then download the metadata file under the heading 'INFORMATION REQUIRED TO SET MINIORANGE AS IDP'.

2. If you want to authenticate your users via any external Identity Provider like Active Directory, Okta, OneLogin, Google, Apple ID, etc then download the Metadata file under the heading 'INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS'.

Fortinet Single Sign-On (SSO) On Metadata page

Then click on Download Metadata.

Fortinet Single Sign-On (SSO) Select Metadata details external IDP or miniOrange as IDP

2. Configure SSO in Fortinet Admin Account

Go to Security Fabric -> Settings.

GUI in version 6.2.	Go to User & Device -> SAML SSO
GUI in version 6.2.3 and above.	Go to Security Fabric -> Settings Enable FortiGate Telemetry, choose a Fabric name and an IP for FortiAnalyzer (can be an unused address) Enable SAML Single Sign-On, Click on Advanced Options
GUI in version 6.4 and above	Go to Security Fabric -> Fabric Connectors -> Security Fabric Setup -> Single Sign-On Settings

Fortinet Single Sign-On (FSSO): Navigate Security Fabric and select Settings

Enable SAML Single Sign-On, Click on Advanced Options.

Fortigate Single Sign-On (FSSO): Enable SAML Single Sign-On

Fortigate Single Sign-On: Click Advanced Options

Choose Mode as Service Provider (SP).

Fortinet Single Sign-On (FSSO): Choose Mode as Service Provider

Fill the details as per the following table.

IDP Entity ID	Entity ID or Issuer in miniOrange
IDP Single Sign-On URL	SAML Login URL in miniOrange metadata
IDP Single Logout URL	SAML Logout URL in miniOrange metadata

Click on Apply to save changes.

3. Test SSO Configuration

Test SSO login to your Fortinet account with miniOrange IdP:

Using SP Initiated Login

Go to your Fortinet URL, here you will be either asked to enter the username or click on the SSO link which will redirect you to miniOrange IdP Sign On Page.

Enter your miniOrange login credential and click on Login. You will be automatically logged in to your Fortinet account.

Using IDP Initiated Login

On the Dashboard, click on Fortinet application which you have added, to verify SSO configuration.

Fortinet Single Sign-On (SSO) verify configuration

Not able to configure or test SSO?

Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.

External References

Want To Schedule A Demo?

Work Email *

Phone*

Book your time slot

Contents