# Engomo

## Base URLs:

IDP: `fac.mydomain.com`
SP: `engomo.mydomain.com`

## FAC

**#1 Authentication > OAuth Service > Portals**

1) Create New
2) Name: `Engomo`
3) Leave everything else default
4) Save

![IDP](images/engomo_idp_01.png)

**#2 Authentication > OAuth Service > Policies**

1) Create New
2) Policy type / Name: `Engomo`
3) Identity sources: `Realm: select your realm and the Groups in the filter that should have access`
4) Authentication factors: change the settings to your needs, e.g. `Application name for FTM push notification: Engomo`

![IDP](images/engomo_idp_02.png)

**#3 Authentication > OAuth Service > Scopes**

1) Create New
2) Name: `profile`
3) Name: `email`

![IDP](images/extra_scopes_01.png)

**#4 Authentication > OAuth Service > Relying Party**

1) Name: `Engomo`
2) Client type: `Confidential`
3) Authorization grant types: `Authorization code`
4) Client ID: `note this ID`
5) Client secret: `note this secret`
6) Policy: `choose Engomo from step #2`
7) Access token expiry: `change to your needs or leave default (36000 seconds)`
8) Refresh token expiry: `change to your needs or leave default (1 day)`
9) Redirect URIs: `https://engomo.mydomain.com/auth`
10) Add 3 Scopes with `+ Add Relying Party Scope`
11) Set the scopes to this:

| Scope | Default |
| :--- | :----: |
| openid | x |
| email | x |
| profile | x |

12) Save
13) Add 1 Claim with `+ Add Claim`
14) Set the Claims to this:

| Scope | Name | User Attribute |
| :--- | :----: | :----: |
| openid | preferred_username | Email |

15) Save

![IDP](images/engomo_idp_03.png)

## Engomo

**#1 Server > Authentication**

1) Hit the `+` icon to add a new IDP
2) Name: `FortiAuthenticator` (choose whatever name you want)

![createSP](images/engomo_sp_01.png)

3) Type: OpenID Connect
4) Issuer: `https://fac.mydomain.com/api/v1/oauth`
5) Client ID: `ID from FAC step #4-4`
6) Client secret: `secret from FAC step #4-5`
7) Config Mode: `Auto-Configuration`
8) Access token pass-through: `Prohibited`
9) Save

![SP](images/engomo_sp_02.png)
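`Auto-Configuration` mode means Engomo fetches the issuer's OIDC discovery document and takes its endpoints from there, so a mismatch between what FAC advertises and what the relying party above relies on (exact issuer string, https endpoints, the `openid`/`email`/`profile` scopes, the `preferred_username` claim, the authorization code grant) only shows up at the first login. The following pre-flight check is an added example, not part of this guide or of Engomo/FAC; the discovery document, its endpoint paths and the presence of `claims_supported` are constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample of an OIDC discovery document, the kind Engomo's
# "Auto-Configuration" fetches from <issuer>/.well-known/openid-configuration.
# Endpoint paths are placeholders, not FAC's real ones; the scope and claim
# lists are deliberately incomplete so the check below has something to report.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://fac.mydomain.com/api/v1/oauth",
    "authorization_endpoint": "https://fac.mydomain.com/api/v1/oauth/authorize/",
    "token_endpoint": "https://fac.mydomain.com/api/v1/oauth/token/",
    "jwks_uri": "https://fac.mydomain.com/api/v1/oauth/jwks/",
    "scopes_supported": ["openid", "email"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "claims_supported": ["sub", "email"],
})

# What this guide configures on the FAC side (Relying Party, step #4).
ENGOMO_RP = {
    "issuer": "https://fac.mydomain.com/api/v1/oauth",
    "scopes": {"openid", "email", "profile"},
    "claims": {"preferred_username"},
    "grant": "authorization_code",
    "redirect_uri": "https://engomo.mydomain.com/auth",
}


def check_discovery(discovery_json: str, rp: dict) -> list:
    """Return the mismatches between the IdP's advertised metadata and what
    the relying-party configuration depends on (empty list = consistent)."""
    doc = json.loads(discovery_json)
    problems = []
    # The ID token's iss is compared to the configured Issuer byte for byte,
    # so even a trailing-slash difference breaks the login.
    if doc.get("issuer") != rp["issuer"]:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {rp['issuer']!r}")
    # Codes and tokens must not travel over plain HTTP, and every endpoint
    # should live on the issuer's host.
    issuer_host = urlparse(rp["issuer"]).hostname
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        u = urlparse(doc.get(key, ""))
        if u.scheme != "https" or u.hostname != issuer_host:
            problems.append(f"{key} is not https on {issuer_host}: {doc.get(key)!r}")
    if urlparse(rp["redirect_uri"]).scheme != "https":
        problems.append("redirect_uri must use https")
    if rp["grant"] not in doc.get("grant_types_supported", []):
        problems.append(f"grant type {rp['grant']!r} not advertised")
    for s in sorted(rp["scopes"] - set(doc.get("scopes_supported", []))):
        problems.append(f"scope {s!r} not advertised (add it under OAuth Service > Scopes)")
    for c in sorted(rp["claims"] - set(doc.get("claims_supported", []))):
        problems.append(f"claim {c!r} not advertised (add it under Relying Party > Claims)")
    return problems
```

Against a live FAC, replace `SAMPLE_DISCOVERY` with the body fetched from `https://fac.mydomain.com/api/v1/oauth/.well-known/openid-configuration` and fix every reported line before saving the Engomo IDP.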
**#2 Users & Devices > Users**

1) Create a new user (`+` icon) or use an existing one
2) Authenticator: choose `FortiAuthenticator` from step #1

![User](images/engomo_sp_03.png)