Introduction
Welcome and thank you for selecting Fortinet products for your network protection.
This chapter contains the following topics:
l Before you begin l How this guide is organized
Before you begin
Before you begin using this guide, please ensure that:
l You have administrative access to the web-based manager and/or CLI. l The FortiGate unit is integrated into your network. l The operation mode has been configured. l The system time, DNS settings, administrator password, and network interfaces have been configured. l Firmware, FortiGuard Antivirus and FortiGuard Antispam updates are completed. l Any third-party software or servers have been configured using their documentation.
While using the instructions in this guide, note that administrators are assumed to be super_admin administrators unless otherwise specified. Some restrictions will apply to other administrators.
How this guide is organized
This Handbook chapter contains the following sections:
Introduction to authentication describes some basic elements and concepts of authentication.
Authentication servers describes external authentication servers, where a FortiGate unit fits into the topology, and how to configure a FortiGate unit to work with that type of authentication server.
Users and user groups describes the different types of user accounts and user groups. Authenticated access to resources is based on user identities and user group membership. Two-factor authentication methods, including FortiToken, provide additional security.
Managing Guest Access explains how to manage temporary accounts for visitors to your premises.
Configuring authenticated access provides detailed procedures for setting up authenticated access in security policies and authenticated access to VPNs.
Captive portals describes how to authenticate users through a web page that the FortiGate unit presents in response to any HTTP request until valid credentials are entered. This can be used for wired or WiFi network interfaces.
Certificate-based authentication describes authentication by means of X.509 certificates.
Single Sign-On using a FortiAuthenticator unit describes how to use a FortiAuthenticator unit as an SSO agent that can integrate with external network authentication systems such as RADIUS and LDAP to gather user logon information and send it to the FortiGate unit. Users can also log on through a FortiAuthenticator-based web portal or the FortiClient SSO Mobility Agent.
Single Sign-On to Windows AD describes how to set up Single Sign-On in a Windows AD network by configuring the FortiGate unit to poll domain controllers for information user logons and user privileges.
Agent-based FSSO describes how to set up Single Sign-On in Windows AD, Citrix, or Novell networks by installing Fortinet Single Sign On (FSSO) agents on domain controllers. The FortiGate unit receives information about user logons and allows access to network resources based on user group memberships.
SSO using RADIUS accounting records describes how to set up Single Sign-On in a network that uses RADIUS authentication. In this configuration, the RADIUS server send RADIUS accounting records to the FortiGate unit when users log on or off the network. The record includes a user group name that can be used in FortiGate security policies to determine which resources each user can access.
Monitoring authenticated users describes FortiOS authenticated user monitor screens.
Examples and Troubleshooting provides configuration examples and troubleshooting suggestions.