FortiAuthenticator - SSO configuration

FortiAuthenticator - SSO configuration

Idea
This documentation has been tested and approved by Kelvin Zero's team
Quote
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for FortiAuthenticator using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
Warning
To set up Multi-Pass with FortiAuthenticator, ensure you meet the following requirements: 
- FortiAuthenticator (FAC) Licensing
- MPAS Subscription
- Administrator rights on MPAS realm and FAC instance
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.




FortiAuthenticator - SSO configuration




Step 1 - Setup of FortiAuthenticator

  1. Log in to your FortiAuthenticator admin console.
  2. Navigate to Authentication.
  3. Select SAML IdP.
  4. Click on Service Providers, click on Create New.
  1. Provide an SP Name:
    1. Enter mpas as the Service Provider name.
  2. Create an IdP Prefix:
    1. Click on the + icon next to the IdP prefix field.
    2. You can either generate a random prefix or create your own custom prefix.
    3. Once the prefix is set, click OK to confirm.

  1. Click on Save.
  1. Return to your Service Provider menu:
    1. Navigate back to the Service Provider menu in your FortiAuthenticator admin console.
  2. Confirm the IdP Prefix:
    1. Ensure that the correct IdP prefix is selected.
  3. Download Metadata:
    1. Scroll down and click on the IdP Metadata button to download the metadata XML file.
This XML file contains essential configuration details for integrating your Service Provider with the IdP.





Step 2 - MPAS configuration

  1. Open Multi-Pass Dashboard
  2. Click on Identity Providers.
  3. Click on Add Provider.
  4. Select SAML v2.0.
This will begin the configuration process for integrating your SAML v2.0 identity provider.

  1. Optionally, provide an alternative alias.
  2. Set the display name to FortiAuthenticator.
  3. Turn off the User entity descriptor option.
  4. Click on Browser… to locate and upload the metadata file you just created.
  5. Scroll down and click on Add to complete the process.
This finalizes the configuration of your SAML v2.0 Identity Provider in MPAS.


  1. Once the IdP is added, open your IdP settings in MPAS.
  2. Click on the SAML 2.0 Service Provider Metadata link.
  3. This will display or download the metadata file for your Service Provider.

This metadata is essential for configuring and validating your SAML integration.

  1. Right-click on the page displaying the metadata.
  2. Select Save as.
  3. Save the file with an .xml file extension.
This ensures you have the metadata file stored locally for further configuration.

  1. Return to the FAC SAML IdP page.
  2. Click on Import SP Metadata.
  3. Upload the XML file you just saved.
  4. Click on OK to complete the process.
This finalizes the metadata import for your Service Provider configuration.



  1. Navigate to your MPAS account console:
    1. https://ca.auth.kzero.com/realms/<realm-name>/account
  2. Click on Try Another Way.
  3. Select FortiAuthenticator.
This will initiate the SAML-based login process using FortiAuthenticator.


  1. Enter your local realm user credentials in the designated fields.
  2. Click on Login to complete the authentication process.
This will allow you to verify the SSO integration using your local account credentials.
  1. Upon successful authentication, you will be redirected to MPAS.
  2. Click on Accept to agree to the terms and conditions.
  3. Fill out any missing requirements.
  4. Click on Save to complete the setup.


Notes
You have successfully used the FortiAuthenticator as an identity provider for Kelvin Zero’s Multi-Pass system (MPAS).
This confirms that your SAML integration is correctly configured and operational. Congratulations!

    • Related Articles

    • SAML SSO Integration Guide

      This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...

    • Mulesoft - SSO Integration

      This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...

    • Entra IDP integration

      Entra IDP integration This guide walks you through the steps to configure Azure Active Directory (Azure AD) as an Identity Provider (IdP) in the Kelvin Zero Multi-Pass Authentication Service (MPAS) using OpenID Connect. Prerequisites : - An Azure ...

    • D2L Brightspace - SSO Integration

      This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...

    • Vanta - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vanta using MPAS. SSO simplifies user authentication by allowing access to multiple ...