2.2 KiB
2.2 KiB
Engomo
Base URLs:
IDP: fac.mydomain.com
SP: engomo.mydomain.com
FAC
#1 Authentication > OAuth Service > Portals
- Create New
- Name:
Engomo - leave everything else default
- Save
#2 Authentication > OAuth Service > Policies
- Create New
- Policy type: Name:
Engomo - Identity sources:
Realm: select your realm and Groups in den Filter that should have access - Authentication factors: Change settings to your needs, f.e.
Application name for FTM push notification: Engomo
#3 Authentication > OAuth Service > Scopes
- Create New
- Name:
profile - Name:
email
#4 Authentication > OAuth Service > Relying Party
- Name:
Engomo - Client type:
Confidential - Authorization grant types:
Authorization code - Client ID:
note this ID - Client secret:
note this secret - Policy:
choose "Engomo" from Step 2 - Access token expiry:
change to your needs or leave default (36000 seconds) - Refresh token expiry:
change to your needs or leave default (1 day) - Redirect URIs:
https://engomo.mydomain.com/auth - Add 3 Scopes with
+ Add Relying Party Scope - Set the scopes to this:
Scope Default openid x email x profile x - Save
- Add 1 Claim with
+ Add Claim - Set the Claims to this:
Scope Name User Attribute openid preferred_username Email - Save
Engomo
#1 Server > Authentication
- Hit the
+icon to add a new IDP - Name:
FortiAuthenticator(choose name whatever you want)
- Type: OpenID Connect
- Issuer: https://fac.mydomain.com/api/vl/oauth
- Client ID:
ID from FAC step #4-4 - Client secret:
secret from FAC step #4-5 - Config Mode:
Auto-Configuration - Access token pass-through:
Prohibited - Save
#2 Users & Devices > Users
- Create a new user (
+icon) or use an existing one - Authenticator: Choose
FortiAuthenticatorfrom step #2
