Follow the steps below to configure single sign-on with Active Directory Federated Services (ADFS):
Fortinet Security Awareness and Training Service Configuration
1) On the left side menu, click Settings, then click Admin Settings
2) Under Single Sign-On (SSO), click Edit SSO config
3) Select Upload your identity provider metadata, then select Input metadata URL, and paste the AD FS federation metadata URL (https://<ADFSServerPublicURL>/federationmetadata/2007-06/federationmetadata.xml) into the IdP Metadata URL box. SATS reads the AD FS entity ID, endpoints and token-signing certificate from this document, so the URL must be reachable from the Fortinet service over HTTPS with a certificate that chains to a publicly trusted CA.
4) Click the Add Fortinet as a SAML service provider (SP) section to expand it
5) Copy the value shown under Copy this SP Entity ID (service provider metadata) and keep it; it is the metadata URL that AD FS will import in the next section.
6) Click Continue
7) Under Configure your SAML attributes, configure the following (the value entered here must match the Outgoing Claim Type configured in AD FS exactly, including case):
SATS attribute | Value (AD FS outgoing claim type)
firstname | First_name
lastname | Last_name
8) Click Continue
9) Click Complete
Active Directory Federated Services (ADFS)
1) Log into <Primary AD FS Server> and launch AD FS Management
2) Right click Relying Party Trusts and click Add Relying Party Trust…
3) On the Welcome screen, ensure Claims aware is selected, and click Start
4) On the Select Data Source screen, ensure Import data about the relying party published online or on a local network is selected, and paste in the metadata URL https://<tenant>.us.ftnt.info/saml2/<GUID>/metadata (the SP Entity ID value saved earlier from the Fortinet SATS admin interface). AD FS fetches this URL over HTTPS to learn the SP's entity ID and assertion consumer endpoint, so the import fails if the AD FS server cannot reach it.
5) On the Specify Display Name screen, in the Display name field, enter Fortinet Security Awareness Training v3.
6) On the Choose Access Control Policy screen, select your desired access policy, and click Next. Permit everyone lets any account in the forest sign in to SATS; if only some users should have access, choose a group-scoped policy such as Permit specific group instead.
7) On the Ready to Add Trust screen, click Next
8) On the Finish screen, ensure Configure claims issuance policy for this application is checked, and click Close.
9) The Edit Claim Issuance Policy window opens automatically. It sometimes pops up behind the AD FS Management window.
10) On the Edit Claim Issuance Policy window, click Add Rule
11) On the Choose Rule Type screen, under Claim rule template, ensure Send LDAP Attributes as Claims is selected, and click Next
12) On the Configure Claim Rule screen, set the following:
Claim rule name: Attributes
Attribute store: Active Directory
Note: When adding the Outgoing Claim Type in AD FS, if the claim isn't in the drop-down list exactly as required, you can type the claim name into the field manually.
LDAP Attribute mappings:
LDAP Attribute | Outgoing Claim Type
E-Mail-Addresses | Email
Given-Name | First_name
Surname | Last_name
E-Mail-Addresses | Name ID
The Name ID is taken from the user's E-Mail-Addresses (mail) attribute, so every user who needs SATS access must have a populated mail attribute in Active Directory; accounts without one will fail to sign in.
13) Click Finish
14) Click OK to exit the claim rules list.
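The same relying party trust and claim rule can be created from the AD FS PowerShell module on the primary AD FS server, which is easier to review and repeat than the GUI steps above. This is an added example and not part of the original article; the <tenant> and <GUID> placeholders are the values from the SP Entity ID copied from SATS, the custom claim types Email, First_name and Last_name are the same plain strings typed manually in the GUI, and the group name DOMAIN\SATS-Users and the OU used in the final check are assumed for illustration.

```powershell
# Added example (not from the original article): create the SATS relying party
# trust and its LDAP claim rule with the AD FS PowerShell module instead of the
# AD FS Management GUI. Run on the primary AD FS server as an AD FS administrator.
Import-Module ADFS

$displayName = 'Fortinet Security Awareness Training v3'
# Assumption: replace <tenant> and <GUID> with the SP Entity ID copied from SATS.
$spMetadata  = 'https://<tenant>.us.ftnt.info/saml2/<GUID>/metadata'

# Claim rule language equivalent of the "Send LDAP Attributes as Claims" rule in
# the article: mail -> Email, givenName -> First_name, sn -> Last_name, mail -> Name ID.
# The custom types are the exact strings SATS expects (case-sensitive).
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("Email", "First_name", "Last_name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail,givenName,sn,mail;{0}", param = c.Value);
'@

# Import the SP metadata over HTTPS and create the trust. The access control
# policy scopes sign-in to one AD group (assumed name); use 'Permit everyone'
# only if every account in the forest should be able to reach SATS.
Add-AdfsRelyingPartyTrust -Name $displayName `
    -MetadataUrl $spMetadata `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit specific group' `
    -AccessControlPolicyParameters 'DOMAIN\SATS-Users'

# Verify: Identifier should equal the SP Entity ID from SATS, the trust should be
# enabled, and the Attributes rule should be attached.
$rp = Get-AdfsRelyingPartyTrust -Name $displayName
$rp | Select-Object Name, Identifier, Enabled, AccessControlPolicyName
$rp.IssuanceTransformRules

# Name ID comes from the mail attribute, so list users in the target OU (assumed)
# that have no mail value before rollout; they would fail SSO.
Import-Module ActiveDirectory
Get-ADUser -Filter "mail -notlike '*'" -SearchBase 'OU=Staff,DC=example,DC=com' |
    Select-Object SamAccountName
```

Re-running the script against an existing trust fails on Add-AdfsRelyingPartyTrust; use Set-AdfsRelyingPartyTrust -TargetName with the same parameters to update the claim rules or access control policy in place.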