3.7 KiB
3.7 KiB
title, sidebar_label, support_level
| title | sidebar_label | support_level |
|---|---|---|
| Integrate with FortiManager | FortiManager | community |
What is FortiManager
FortiManager is an enterprise solution that enables centralized network management, ensures compliance with best practices, and automates workflows to enhance breach protection.
-- https://www.fortinet.com/products/management/fortimanager
Preparation
The following placeholders are used in this guide:
fortimanager.companyis the FQDN of the FortiManager installation.authentik.companyis the FQDN of the authentik installation.
:::note This documentation only lists the settings that have been changed from their default values. Please verify your changes carefully to avoid any issues accessing your application. :::
authentik configuration
To support the integration of FortiManager with authentik, you need to create an application/provider pair in authentik.
Create an application and provider in authentik
- Log in to authentik as an administrator and open the authentik Admin interface.
- Navigate to Applications > Applications and click Create with Provider to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- Application: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- Choose a Provider type: select SAML Provider as the provider type.
- Configure the Provider: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Set the ACS URL to
https://fortimanager.company/saml/?acs. - Set the Issuer to
https://authentik.company/application/saml/application-slug/sso/binding/redirect/. - Set the Service Provider Binding to
Post.
- Set the ACS URL to
- Configure Bindings (optional): you can create a binding (policy, group, or user) to manage the listing and access to applications on a user's My applications page.
- Click Submit to save the new application and provider.
FortiManager Configuration
- Navigate to
https://fortimanager.company/p/app/#!/sys/sso_settingsand select SAML SSO Settings to configure SAML. - Under Single Sign-On Mode, choose Service Provider (SP) to enable SAML authentication.
- Set the SP Address field to the FortiManager FQDN,
fortimanager.company. This provides the URLs needed for configuration in authentik. - Choose the Default Login Page as either Normal or Single Sign-On. Selecting Normal allows both local and SAML authentication, while Single Sign-On restricts login to SAML only.
- By default, FortiManager creates a new user if one does not exist. Set the Default Admin Profile to assign the desired permissions to new users. A
no_permissionsprofile is created by default for this purpose. - Set the IdP Type field to Custom.
- For the IdP Entity ID field, enter:
https://authentik.company/application/saml/application-slug/sso/binding/redirect/ - Set the IdP Login URL to:
https://authentik.company/application/saml/application-slug/sso/binding/redirect/ - Set the IdP Logout URL to:
https://authentik.company/ - In the IdP Certificate field, import your authentik certificate (either self-signed or valid).
Configuration verification
To confirm that authentik is properly configured with FortiManager, log out and log back in via authentik.