
In an advisory, Fortinet notes that the FortiCloud SSO login feature is not enabled in default factory configurations. However, when an administrator registers the device with FortiCare product support from the device’s GUI, single sign-on login is enabled unless they turn off the setting “Allow administrative login using FortiCloud SSO” on the registration page.
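The setting described above is the kind of thing an operator would want to audit across a fleet rather than click through device by device. The following is an added example, not code from the article or from Fortinet: it parses a FortiOS-style configuration dump and reports whether FortiCloud SSO administrative login is explicitly enabled, explicitly disabled, or not stated. The CLI key `admin-forticloud-sso-login` under `config system global` is assumed here to be the command-line counterpart of the GUI toggle quoted above, and the sample configuration text is constructed for the example.

```python
"""Audit a FortiOS-style configuration dump for the FortiCloud SSO admin-login setting.

Added example; the CLI key name `admin-forticloud-sso-login` is an assumption, and
all configuration text below is constructed, not taken from a real device.
"""
import re
from typing import Dict, Optional

# Constructed sample dumps (not real device output).
SAMPLE_SSO_ENABLED = """\
config system global
    set hostname "fw-branch-01"
    set admin-forticloud-sso-login enable
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""

SAMPLE_SSO_DISABLED = """\
config system global
    set hostname "fw-branch-02"
    set admin-forticloud-sso-login disable
end
"""

# No explicit line: FortiOS dumps usually omit values at their default, so the
# effective state cannot be read from the file alone.
SAMPLE_SSO_UNSET = """\
config system global
    set hostname "fw-branch-03"
end
"""

SSO_SETTING_RE = re.compile(
    r"^\s*set\s+admin-forticloud-sso-login\s+(enable|disable)\s*$", re.MULTILINE
)


def extract_block(config_text: str, block_name: str) -> Optional[str]:
    """Return the body of the top-level `config <block_name>` ... `end` block.

    Nested `config ... end` sections inside the block are tracked by depth so
    an inner `end` does not terminate the outer block early.
    """
    header = f"config {block_name}"
    body = []
    depth = 0
    inside = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not inside:
            if line == header:
                inside = True
            continue
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            if depth == 0:
                return "\n".join(body)
            depth -= 1
        body.append(raw)
    return None  # header never found, or block never closed


def sso_login_state(config_text: str) -> str:
    """Return 'enable', 'disable', 'unset' (no explicit line) or 'missing' (no global block)."""
    block = extract_block(config_text, "system global")
    if block is None:
        return "missing"
    match = SSO_SETTING_RE.search(block)
    return match.group(1) if match else "unset"


def audit(config_text: str) -> Dict[str, str]:
    """Turn the raw state into a finding an operator can act on."""
    state = sso_login_state(config_text)
    if state == "disable":
        return {"state": state, "risk": "low",
                "note": "FortiCloud SSO admin login explicitly disabled."}
    if state == "enable":
        return {"state": state, "risk": "high",
                "note": "FortiCloud SSO admin login explicitly enabled; disable unless required."}
    return {"state": state, "risk": "review",
            "note": "No explicit setting in dump; defaults are omitted and registration "
                    "turns SSO login on, so confirm the toggle in the device GUI."}


if __name__ == "__main__":
    for name, text in (("enabled", SAMPLE_SSO_ENABLED),
                       ("disabled", SAMPLE_SSO_DISABLED),
                       ("unset", SAMPLE_SSO_UNSET)):
        print(name, audit(text))
```

Because a backup that omits the line says nothing about the effective value, the script deliberately reports "review" rather than guessing; only an explicit `disable` is treated as confirmed.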
Single sign-on allows users to enter one password to access many applications or services, and in this case it enables an admin to oversee several Fortinet devices. Ullrich calls it “a crucial component in providing a unified authentication and access control experience across an organization. Integrating devices like Fortinet’s offerings is important, and organizations are typically advised to enable this feature.”
Fortinet uses SAML as the underlying protocol, he explained, noting, “this is a complex protocol, and numerous implementations of it have encountered issues in the past. Just yesterday, the same day Fortinet patched its systems, Ruby released a patch for its SAML library.”
