FortiManager 7.2.1 RADIUS Configuration - RSA Ready Implementation Guide
3 years ago
Originally Published: 2023-03-24

This section describes how to integrate FortiManager with RSA Cloud Authentication Service using RADIUS.

Procedure

  1. Sign into the FortiManager GUI and use the correct ADOM according to your company to be able to access the System Settings.
    AjithkumarSID_0-1679677688126.png
  2. On the left pane, select Admin, then select Remote Authentication Server from the drop down. Select Create New and click on RADIUS Server.
    AjithkumarSID_1-1679677843675.png
  3. Enter the name of the RADIUS server as per your needs and fill in the following details:
    1. Enter the IP address/FQDN details from the RSA Identity Router management IP in Server Name/IP field and enter the shared secret.
    2. Configure a Secondary RADIUS Server if needed.
    3. Select PAP as the Authentication Type.
       
      AjithkumarSID_0-1686899664682.png
  4. On the left pane, under Admin, select Administrator to choose who is prompted for RSA RADIUS authentication.
  5. Select Create New and enter the username in the User Name field.
  6. You can choose an admin username, or you can choose to authenticate all admins by selecting Match all users on the remote server checkbox.
  7. Select RADIUS from the Admin Type dropdown, and then select the RADIUS server created in step 3.
    AjithkumarSID_4-1679679934657.png
    AjithkumarSID_5-1679679964110.png
  8. Sign into the RSA Cloud Console and go to Authentication Clients > RADIUS > Add RADIUS Client and Profiles.
    AjithkumarSID_2-1686899769705.png
  9.  To validate the LDAP password, apply the access policy that includes MFA to input your SecurID OTP/Authenticate OTP/Biometrics/Approve/SMS/Voice OTP or directly apply the access policy.
  10. Choose access policy that suits your needs that is created from Access > Policies and then select Save and Next Step.
    AjithkumarSID_7-1679680047688.png
  11. Create a RADIUS profile to return a certain RADIUS attribute back to the FortiManager, like Fortinet-Access-Profile, to return a profile created on the FortiManager for authorization, like Restricted_User.
  12. You can apply the profile back to the FortiManager, as it rejects any profile override by default. To do this, go to the FortiManager through CLI and perform the following commands under the needed Access Profile:
    AjithkumarSID_8-1679680092447.png
    AjithkumarSID_10-1679680120158.png
  13. Select Finish and then Publish Changes.
    AjithkumarSID_11-1679680150205.png

Configuration is complete.

Return to the main page.

Related Articles

Trending Articles

Don't see what you're looking for?