Changed description

IdentityProvider/FortiAuthenticator.md

@@ -1,10 +1,52 @@
-The FortiAuthenticator ist called FAC here, as this is the shortname used by Fortinet themself.
+The FortiAuthenticator ist called `FAC` here, as this is the shortname used by Fortinet themself.
+In this repo we use `fac.mydomain.com` as our base URL for the FAC.
 
 # OIDC / OAuth
 
 ## Engomo
 
-**On the FAC**
+### FAC - part
-### Authentication > OAuth Service > Relying Party
+
+**#1 Authentication > OAuth Service > Portals**
+1) Create New
+2) Name: `Engomo`
+3) leave everything else default
+4) Save
+
+**#2 Authentication > OAuth Service > Policies**
+1) Create New
+2) Policy type: Name: `Engomo`
+3) Identity sources: `Realm: select your realm and Groups in den Filter that should have access`
+4) Authentication factors: Change settings to your needs, f.e. `Application name for FTM push notification: Engomo`
+
+**#3 Authentication > OAuth Service > Scopes**
+1) Create New
+2) Name: `profile`
+3) Name: `email`
+
+**#4 Authentication > OAuth Service > Relying Party**
+1) Name: `Engomo`
+2) Client type: `Confidential`
+3) Authorization grant types: `Authorization code`
+4) Client ID: `note this ID`
+5) Client secret: `note this secret`
+6) Policy: `choose "Engomo" from Step 2`
+7) Access token expiry: `change to your needs or leave default (36000 seconds)`
+8) Refresh token expiry: `change to your needs or leave default (1 day)`
+9) Redirect URIs: `https://fac.mydomain.com/auth`
+10) Add 3 Scopes with `+ Add Relying Party Scope`
+11) Set the scopes to this:
+| Scope      | Default |
+| :---        |    :----:   |
+| openid      | x       |
+| email      | x       |
+| profile      | x       |
+12) Save
+13) Add 1 Claim with `+ Add Claim`
+14) Set the Claims to this:
+| Scope      | Name | User Attribute |
+| :---        |    :----:   |    :----:   |
+| openid      | preferred_username | Email |
+
 
 ![RelyingParty](screenshots/FAC-engomo01.png)