Hi all, how to match privacyIDEA users and set up different policies in a FortiGate firewall?

Greetings,

Set different policies in privacyIDEA.

RADIUS server configuration in the FortiGate firewall

Received from email or SMS 2FA notification.

How to match privacyIDEA users and set up different policies in a FortiGate firewall?

Hi,
I use rlm_perl to return the Radius-Attribute “Fortinet-Group-Name”. It's possible to return the resolver and every user-property like every group-membership. In the policy you only have to use the group names:

Use something like this in rlm_perl.ini:

[Attribute Fortinet-Group-Name]
dir = user
userAttribute = groups
regex = CN=(.*?),OU

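An added example (not from the posts above and not privacyIDEA's own code) that applies the `CN=(.*?),OU` regex from the reply to constructed group DNs, to check which names would reach the FortiGate as Fortinet-Group-Name before firewall policies are bound to them. It assumes each value of the user's `groups` attribute is matched separately and the first capture group is returned; the function names and sample DNs are hypothetical.

```python
import re

# Regex copied from the rlm_perl.ini snippet in the reply above.
GROUP_REGEX = re.compile(r"CN=(.*?),OU")


def fortinet_group_names(groups):
    """Return the first capture group for every DN the regex matches.

    Assumption: each "groups" value is matched on its own and the capture
    becomes one Fortinet-Group-Name value; non-matching values are dropped.
    """
    names = []
    for dn in groups:
        match = GROUP_REGEX.search(dn)
        if match:
            names.append(match.group(1))
    return names


def unexpected_names(groups, firewall_groups):
    """Extracted names that no group configured on the firewall would match."""
    return [n for n in fortinet_group_names(groups) if n not in firewall_groups]


# Constructed sample data: group DNs as an LDAP resolver might return them.
SAMPLE_GROUPS = [
    "CN=VPN-Admins,OU=Groups,DC=example,DC=com",
    "CN=VPN-Users,OU=Groups,DC=example,DC=com",
    # No ",OU" after the CN: the regex does not match, so no name is sent.
    "CN=Domain Users,CN=Users,DC=example,DC=com",
    # Lazy match runs to the first ",OU" and swallows the second RDN.
    "CN=Staff,CN=Nested,OU=Groups,DC=example,DC=com",
]
# Constructed: group names the firewall policies are expected to reference.
FIREWALL_GROUPS = {"VPN-Admins", "VPN-Users"}

if __name__ == "__main__":
    for name in fortinet_group_names(SAMPLE_GROUPS):
        print("Fortinet-Group-Name =", name)
    print("not matched by any firewall group:",
          unexpected_names(SAMPLE_GROUPS, FIREWALL_GROUPS))
```

A group whose DN sits directly under a `CN=` container yields no attribute at all, and a name containing `,CN=` will not match any firewall group, so both cases end with the user not landing in the intended policy.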