Configuring FortiMail Webmail Single Sign On


This recipe guides you through configuring FortiMail Webmail Single Sign On (SSO) with a SAML 2.0 identity provider. The steps below use FortiAuthenticator as the identity provider (IdP); Active Directory Federation Services (ADFS) can play the same role using the same FortiMail service provider metadata, but its configuration is not covered here.

The FortiMail unit must be in Server Mode for the following procedures to work.

Configuring an LDAP Profile and Domain

First, configure an LDAP profile (if one does not already exist) and then create the domain that will use it.

  1. Go to Profile > LDAP > LDAP.
  2. Select New.
  3. Enter the required information and then select Create.
  4. Go to Domain & User > Domain > Domain. 
  5. Select New.
  6. Enter the necessary information and select the previously created LDAP profile from the User profile dropdown menu.
  7. Select Create.

Configuring Webmail

Next, configure Webmail for single sign on and save the FortiMail service provider (SP) metadata; the identity provider needs it in the next section. You must be in Advanced Mode to continue with the following steps.

  1. Go to System > Customization > Appearance.
  2. Expand the Web Portal section.
  3. Select “3rd Party/Single Sign on” from the Login page dropdown menu.
  4. Select Edit.
  5. Copy the FortiMail Service Provider Metadata URL and download the FortiMail SP metadata file from that URL. You’ll need this file in the next section.
  6. Select OK and then Apply.
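Before importing the downloaded file into the identity provider, it is worth checking what it actually declares: the entityID and the AssertionConsumerService URL are what the IdP will trust and post assertions to. The Python script below is an added example, not part of the Fortinet recipe or of FortiMail's own tooling; it parses a constructed sample of SAML 2.0 SP metadata (the hostname, entityID and paths are assumptions) and flags the points a practitioner would want confirmed. `fetch_sp_metadata` can be pointed at the real URL copied in step 5.

```python
import urllib.request
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace used by EntityDescriptor/SPSSODescriptor elements.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample in the shape of a SAML 2.0 service-provider metadata
# document. The hostname, entityID and paths are assumptions for this example,
# not values taken from a real FortiMail unit.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://mail.example.com/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mail.example.com/saml/acs" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def fetch_sp_metadata(url: str, timeout: int = 10) -> str:
    """Download the SP metadata from the URL shown on the FortiMail web portal
    settings page. urllib verifies the TLS certificate by default; do not
    disable that, because the IdP will trust whatever ACS URL this file names."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def summarize_sp_metadata(xml_text: str) -> dict:
    """Extract the fields an IdP administrator should confirm before importing."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor; this is not SP metadata")
    acs = [
        {"binding": e.get("Binding"), "location": e.get("Location"),
         "index": int(e.get("index", "0")), "default": e.get("isDefault") == "true"}
        for e in sp.findall("md:AssertionConsumerService", NS)
    ]
    return {
        "entity_id": root.get("entityID"),
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "name_id_formats": [e.text for e in sp.findall("md:NameIDFormat", NS)],
        "acs": acs,
    }


def check_sp_metadata(summary: dict) -> list:
    """Return the problems a practitioner would want fixed before importing."""
    problems = []
    if not summary["entity_id"]:
        problems.append("missing entityID")
    if not summary["acs"]:
        problems.append("no AssertionConsumerService endpoint")
    for endpoint in summary["acs"]:
        if not (endpoint["location"] or "").startswith("https://"):
            problems.append(f"ACS endpoint is not HTTPS: {endpoint['location']}")
    if not summary["want_assertions_signed"]:
        problems.append("WantAssertionsSigned is not true; confirm the IdP will still sign assertions")
    return problems


if __name__ == "__main__":
    summary = summarize_sp_metadata(SAMPLE_SP_METADATA)
    print(summary)
    print("problems:", check_sp_metadata(summary) or "none")
```

Run it against the real file by replacing `SAMPLE_SP_METADATA` with `fetch_sp_metadata(url)`; an ACS location that is not the FortiMail hostname you expect, or a plain-HTTP endpoint, is a reason to stop before touching the IdP.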

Configuring FortiAuthenticator

Now configure FortiAuthenticator as the SAML identity provider.

  1. Go to Authentication > SAML IdP > General.
  2. Enable SAML IDP.
  3. Select OK.
  4. Go to Authentication > SAML IdP > Service Provider.
  5. Select Create New.
  6. Copy the IdP entity ID.
  7. Select Import SP metadata and select the metadata file you downloaded in the previous section.
  8. Select Create New in the SAML Attribute section, enter “urn:oid:0.9.2342.19200300.100.1.3” (the OID of the LDAP mail attribute) as the SAML attribute name, and set the User Attribute to “Email”. The IdP will then send the user’s e-mail address under that attribute name in each SAML assertion.
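Step 8 is the link between the IdP and the domain's LDAP profile: the attribute named urn:oid:0.9.2342.19200300.100.1.3 is the LDAP mail attribute, and mapping it to Email makes FortiAuthenticator put the user's address into each assertion under that name. The following Python is an added example, not Fortinet's code; it parses a constructed assertion (issuer, user and directory contents are assumptions), extracts that attribute and resolves it against a stand-in for the LDAP profile, handling the cases where the attribute is missing, carries more than one address, or names an unknown user. It is a debugging aid for reading an assertion captured with a browser SAML tracer, not a replacement for the service provider's signature, audience and validity-window checks.

```python
from typing import List, Optional, Tuple
import xml.etree.ElementTree as ET

# OID of the LDAP "mail" attribute (RFC 4524), as entered in step 8.
MAIL_ATTRIBUTE = "urn:oid:0.9.2342.19200300.100.1.3"

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion in the shape an IdP issues once the attribute is
# configured. Issuer, user and addresses are assumptions for this example.
ASSERTION_WITH_MAIL = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://fac.example.com/saml-idp/metadata/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
      <saml:AttributeValue>JDoe@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# The same assertion without an AttributeStatement, which is what arrives when
# step 8 is skipped: only the NameID is present and no address can be matched.
ASSERTION_WITHOUT_MAIL = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_d4e5f6" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://fac.example.com/saml-idp/metadata/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
  </saml:Subject>
</saml:Assertion>
"""

# Constructed stand-in for the users the domain's LDAP profile would return,
# keyed by lower-cased mail address. A real deployment queries the directory.
LDAP_USERS = {
    "jdoe@example.com": {"uid": "jdoe", "domain": "example.com"},
}


def mail_attribute_values(assertion_xml: str) -> List[str]:
    """Return every non-empty value carried under the mail OID in the assertion."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != MAIL_ATTRIBUTE:
            continue
        for val in attr.findall("saml:AttributeValue", NS):
            if val.text and val.text.strip():
                values.append(val.text.strip())
    return values


def resolve_webmail_user(assertion_xml: str, directory: dict) -> Tuple[str, Optional[dict]]:
    """Map an assertion to a mailbox the way the Email mapping implies: the
    asserted mail address must match exactly one user known to the domain's
    LDAP profile. Returns (status, user), with user None on any failure."""
    values = mail_attribute_values(assertion_xml)
    if not values:
        return "no-mail-attribute", None
    if len({v.lower() for v in values}) > 1:
        # Two different addresses give no safe way to pick a mailbox.
        return "ambiguous-mail-attribute", None
    user = directory.get(values[0].lower())
    if user is None:
        return "unknown-user", None
    return "ok", user


if __name__ == "__main__":
    print(resolve_webmail_user(ASSERTION_WITH_MAIL, LDAP_USERS))
    print(resolve_webmail_user(ASSERTION_WITHOUT_MAIL, LDAP_USERS))
```

To use it on a live login, base64-decode the SAMLResponse a browser SAML tracer shows being posted to the FortiMail ACS URL and pass the Assertion element to `resolve_webmail_user`; a `no-mail-attribute` result means the attribute in step 8 is missing or misnamed on the IdP, while `unknown-user` means the address the IdP sends is not the one the domain's LDAP profile knows.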