This feature is particularly useful in situations where only the identity of the user is important, for example: Set the desired timeout next to Account expires after.Īccount expiry is not available for the Credentials portal.
The user enters this passcode into the captive portal registration page.Īccount expiry can be configured for social and MAC Address portals under Authentication > Captive Portal > A passcode is then sent to the user's email address. The user then enters this passcode at the authentication screen to successfully authenticate.Įmail-based authentication is similar to SMS-based authentication, except that the user enters their email address instead of their mobile phone number. When the user enters their number, a passcode is sent to their mobile device. In SMS-based authentication, the user is redirected to a registration portal which requests a valid mobile phone number. Such information is commonly gathered in short-term transient use locations such as airports and coffee shops.
It is also possible to register using minimal (configurable) information, for example: e-mail or mobile-only.
Similar to the existing Self-registration page, it is possible to register by supplying user details. Once logged in, the user can Follow the organization. Log-in via Twitter is supported as described here. Once logged in, the user can Connect with the organization. Log-in via Linkedin is supported using the OAUTH2 protocol as described here. Once logged in, the user can Like the organization's Facebook page. Log-in via Facebook is known as "Facebook Connect" and is described here. Once logged in, the user can Add to Circles with the organization. Log-in using Google+ is an option for Google users, utilizing the OAUTH2 protocol described here. Supported third-party authentication methods are described in the table below. Note that social based captive portal must be enabled on at least one RADIUS client under Authentication > RADIUS Service > Clients.Įach third-party method can be enabled or disabled on an individual basis under Authentication >Ĭaptive Portal > General. The goal is to provide some traceability of users without requiring the heavy overhead of creating guest accounts. Social Wifi authentication allows FortiAuthenticator to utilize third-party user identity methods (social sites, valid e-mail address, or phone number) to authenticate users into a wireless guest network. Upon successful login, the user is redirected to the webpage originally requested. When the user is redirected to the credentials portal login page, they must enter their username and password, and (optionally) their FortiToken passcode.
For environments where there is one FortiWifi with multiple access points (AP), the administrator can specify a list of IP addresses for all the APs. The credentials portal administrator must indicate which of the profiles to use for user authentication. The goal is to restrict access to a set of pre-authorized users only. The credentials portal requires known users (users who already have an account) to authenticate using their credentials (password and/or token code). General captive portal configuration is available under Authentication > Captive Portal > General. Options are available to Enable captive portal for each individual portal: The following captive portal authentication options are available:Ĭaptive portal access is enabled on a per-FortiGate basis through the RADIUS client configuration atĪuthentication > RADIUS Service > Clients > Create New. As such, some FortiGate configuration is required. The FortiGate facilitates access control by redirecting the user's web browser to one of the FortiAuthenticator's captive portals. Authentication requires the user to associate their device with the guest SSID as published by the FortiGate wireless controller. The following section describes how you can use FortiAuthenticator to grant remote users access to certain portions of the network using delegated authentication through a captive portal.
0 kommentar(er)
