FortiManager 7.2.1 - SAML IDR SSO Configuration RSA Ready Implementation Guide
Originally Published: 2023-03-24

This section describes how to integrate FortiManager with RSA Cloud Authentication Service using IDR SSO.

Procedure

  1. Sign in to the RSA Cloud Console, and go to Applications > Application Catalog > Create From Template > SAML Direct.
  2. Select Identity Router in the Choose where to enable your application section and select Next Step.
  3. Go to FortiManager System Settings > Admin > SAML SSO and select the Service Provider (SP) tab as the Single Sign-On Mode.
  4. Under the IdP Settings section, select the Custom tab, then fill in the IdP Entity ID and IdP Login URL from the Identity Provider URL found in the application's Connection Profile created in the previous step.
    Note: You must override the Identity Provider URL in RSA Cloud so that it is the full URL rather than the Identity String; otherwise the integration does not work.
  5. You can choose whether or not a new user is created automatically after successful authentication from the Auto Create Admin option on the FortiManager SAML SSO page.
  6. For the IdP Certificate, upload the certificate file from the RSA Cloud Console (either the default certificate or one you uploaded yourself); FortiManager uses it to validate the SAML responses sent from RSA.
  7. In the User Identity section, set NameID to unspecified and Property to mail. You must send an attribute statement to FortiManager: the attribute must be named username and mapped to mail.
  8. Do one of the following:
    1. If you have chosen the SP-initiated flow, ensure that the Connection URL at the top of the page is set to the SP ACS (Login) URL.
    2. If you have chosen the IdP-initiated flow, ensure that this value is entered in the Connection URL parameter at the top of the page.
  9. Select the Show Advance Configuration dropdown and, under the User Access page, select the policy you want applied.
  10. Select Next Step > Save and Finish > Publish Changes.
  11. On the Portal Display page, select Display in Portal if needed; FortiManager supports IdP-initiated SAML SSO.

Configuration is complete.
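The settings above (full-URL IdP Entity ID, SP ACS URL as the Connection URL, NameID format unspecified, and a username attribute mapped to mail) all show up in the SAML response RSA sends to FortiManager. The following checker, an added example that is not part of this guide and not RSA or Fortinet code, parses a constructed SAML response and reports any mismatch against those settings, which is useful when troubleshooting a login that fails after configuration. The entity ID, ACS URL and the sample response are assumed placeholder values. It checks content only; signature validation against the IdP certificate from step 6 is a separate step that needs an XML-signature library.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Assumed placeholder values; in practice these come from the RSA Connection
# Profile (full Identity Provider URL, per the note in step 4) and FortiManager.
IDP_ENTITY_ID = "https://idr.example.com/IdPServlet?idp_id=fortimanager"
SP_ACS_URL = "https://fortimanager.example.com/saml/?acs"

# Constructed, unsigned sample response shaped like the settings in steps 4, 7 and 8.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0"
    Destination="https://fortimanager.example.com/saml/?acs">
  <saml:Issuer>https://idr.example.com/IdPServlet?idp_id=fortimanager</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idr.example.com/IdPServlet?idp_id=fortimanager</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="username">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, idp_entity_id, sp_acs_url):
    """Return a list of findings; an empty list means the response matches the guide's settings."""
    root = ET.fromstring(xml_text)
    findings = []

    # Step 8: the response must be addressed to the SP ACS (Login) URL.
    if root.get("Destination") != sp_acs_url:
        findings.append("Destination does not match the SP ACS URL")

    # Step 4: the Issuer must be the full Identity Provider URL, not the Identity String.
    if root.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        findings.append("Issuer does not match the IdP Entity ID")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        findings.append("no Assertion element in response")
        return findings

    # Step 7: NameID format unspecified, carrying the mail property.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_UNSPECIFIED:
        findings.append("NameID missing or Format is not unspecified")

    # Step 7: an attribute statement with a 'username' attribute mapped to mail.
    attrs = {
        a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
        for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    if "username" not in attrs:
        findings.append("attribute statement lacks a 'username' attribute")
    elif name_id is not None and attrs["username"] != name_id.text:
        findings.append("'username' attribute does not match the NameID mail value")

    return findings


def extract_identity(xml_text):
    """Return (NameID, username attribute) as FortiManager would see them, or None if absent."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    username = root.findtext(
        "saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name='username']/saml:AttributeValue",
        namespaces=NS,
    )
    return name_id, username


if __name__ == "__main__":
    print("findings:", check_response(SAMPLE_RESPONSE, IDP_ENTITY_ID, SP_ACS_URL))
    print("identity:", extract_identity(SAMPLE_RESPONSE))
```

Running it against a captured response (for example from the browser's SAML tracer, after base64-decoding the SAMLResponse form field) pinpoints which of the guide's settings was missed, such as the Identity String being left in place of the full URL in step 4.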
