authentik/website/integrations/services/fortimanager/index.md

---
title: FortiManager
---

<span class="badge badge--secondary">Support level: Community</span>

## What is FortiManager

> FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
>
> FortiManager is a paid enterprise product.
>
> -- https://www.fortinet.com/products/management/fortimanager

## Preparation

The following placeholders will be used:

-   `fgm.company` is the FQDN of the FortiManager install.
-   `authentik.company` is the FQDN of the authentik install.

Create an application and Provider in authentik, note the slug, as this will be used later. Create a SAML provider with the following parameters:

Provider:

-   ACS URL: `https://fgm.company/saml/?acs`
-   Issuer: `https://authentik.company/application/saml/fgm/sso/binding/redirect/`
-   Service Provider Binding: Post

You can of course use a custom signing certificate, and adjust durations.

Application:

-   Launch URL: 'https://fgm.company/p/sso_sp/'

## FortiManager Configuration

Navigate to `https://fgm.company/p/app/#!/sys/sso_settings` and select SAML SSO settings to configure SAML.

Select 'Service Provider (SP)' under Single Sign-On Mode to enable SAML authentication.

Set the Field 'SP Address' to the FortiManager FQDN 'fgm.company'. (This gives you the URLs to configure in authentik)

Set the Default Login Page to either 'Normal' or 'Single-Sign On'. (Normal allows both local and SAML authentication vs only SAML SSO)

FortiManager create a new user by default if one does not exist so you will need to set the Default Admin Profile to the permissions you want any new users to have. (We created a no_permissions profile to assign by default)

Set the Field 'IdP Type' to 'Custom'

Set the Field `IdP entity ID` to `https://authentik.company/application/saml/fgm/sso/binding/redirect/`.

Set the Field `IdP Login URL` to `https://authentik.company/application/saml/fgm/sso/binding/redirect/`.

Set the Field `IdP Logout URL` to `https://authentik.company/`

For the Field 'IdP Certificate" Import your authentik cert. (Self Signed or real)
website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00			`---`
			`title: FortiManager`
			`---`

website/docs: support levels (#3103) * website/docs: add badges for integration level Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add badge for sources Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-06-15 19:31:34 +00:00			`<span class="badge badge--secondary">Support level: Community</span>`

website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00			`## What is FortiManager`

website/integrations: cite better (#6431) * update awx-tower to RHAAP Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate to new quotation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update all Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-07-31 10:16:58 +00:00			`> FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.`
			`>`
			`> FortiManager is a paid enterprise product.`
			`>`
			`> -- https://www.fortinet.com/products/management/fortimanager`
website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00
			`## Preparation`

			`The following placeholders will be used:`

website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00			- `fgm.company` is the FQDN of the FortiManager install.
			- `authentik.company` is the FQDN of the authentik install.
website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00
			`Create an application and Provider in authentik, note the slug, as this will be used later. Create a SAML provider with the following parameters:`

			`Provider:`
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00
			- ACS URL: `https://fgm.company/saml/?acs`
			- Issuer: `https://authentik.company/application/saml/fgm/sso/binding/redirect/`
			`- Service Provider Binding: Post`
website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00
			`You can of course use a custom signing certificate, and adjust durations.`

			`Application:`
website: format docs with prettier (#2833) * run prettier Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add scim to comparison Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-05-09 19:22:41 +00:00
			`- Launch URL: 'https://fgm.company/p/sso_sp/'`
website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00
			`## FortiManager Configuration`

website/integrations: cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-22 20:46:46 +00:00			Navigate to `https://fgm.company/p/app/#!/sys/sso_settings` and select SAML SSO settings to configure SAML.
website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00
			`Select 'Service Provider (SP)' under Single Sign-On Mode to enable SAML authentication.`

website/integrations: cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-22 20:46:46 +00:00			`Set the Field 'SP Address' to the FortiManager FQDN 'fgm.company'. (This gives you the URLs to configure in authentik)`
website/docs: Add FortiManager intergration instructions (#1907) 2021-12-10 19:57:22 +00:00
			`Set the Default Login Page to either 'Normal' or 'Single-Sign On'. (Normal allows both local and SAML authentication vs only SAML SSO)`

			`FortiManager create a new user by default if one does not exist so you will need to set the Default Admin Profile to the permissions you want any new users to have. (We created a no_permissions profile to assign by default)`

			`Set the Field 'IdP Type' to 'Custom'`

			Set the Field `IdP entity ID` to `https://authentik.company/application/saml/fgm/sso/binding/redirect/`.

			Set the Field `IdP Login URL` to `https://authentik.company/application/saml/fgm/sso/binding/redirect/`.

			Set the Field `IdP Logout URL` to `https://authentik.company/`

website/integrations: cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-12-22 20:46:46 +00:00			`For the Field 'IdP Certificate" Import your authentik cert. (Self Signed or real)`