This article covers configuration of Fortigate devices for use with JumpCloud’s LDAP Servers. Once configured, users connecting through your Fortigate VPN or networking device can authenticate via LDAP with their JumpCloud credentials.
This configuration applies to most Fortigate devices, but screenshots and locations of settings within the Fortigate systems may vary with newer updates from the vendor.
Configuring the LDAP Server
To configure your Fortigate networking device to authenticate against JumpCloud’s LDAP Servers:
- Log in to your Fortigate Admin Panel with your Administrator credentials.
- In the left menu, navigate to User & Authentication > LDAP Servers > Edit LDAP Server.
- Enter the following settings:
  - Name: JumpCloud LDAP
  - Server IP/Name: ldap.jumpcloud.com
  - Server Port: 636
  - Common Name Identifier: uid
  - Distinguished Name: o=INSERT_ORG_ID_HERE,dc=jumpcloud,dc=com
  - Bind Type: select Regular
  - Username: INSERT_LDAP_BIND_DN_HERE (for example, uid=ldapadmin,ou=Users,o=ORGID,dc=jumpcloud,dc=com)
  - Password: LDAP_BIND_DN_PASSWORD
  - Secure Connection: enable
  - Protocol: select LDAPS
  - Certificate: Browse to and upload the Go_Daddy_Class_2_CA outlined in this LDAP article.
- Click Test Connectivity and ensure that the status is Successful. If the test fails, check your configuration settings and retry the connection.
- After the test is successful, click OK.
- You can now move on to configuring the permissions and ACLs within Fortigate to allow user authentication.
Implementing LDAP Group Membership
To query JumpCloud User Groups via LDAP, use the following Fortigate CLI commands to modify the LDAP server configuration. This lets you manage access using JumpCloud User Groups associated with the LDAP server. See Creating an LDAP Group.
    config user ldap
        edit "JumpCloud LDAP"
            set group-member-check posix-group-object
            set group-search-base "o=orgid,dc=jumpcloud,dc=com"
            set group-object-filter "(&(objectClass=groupOfNames))"
    end
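To make concrete what the group-search-base, group-object-filter and posix-group-object settings above do, here is an added Python model of the lookup (example code written for this article, not Fortinet's or JumpCloud's own implementation). It runs a small RFC 4515 filter evaluator over constructed JumpCloud-style entries; the assumption that posix-group-object mode treats a user as a group member when the group's memberUid lists the user's uid is the author's, as is the sample data.

```python
# Constructed sample entries in JumpCloud's DN layout (not real directory data).
ORG = "INSERT_ORG_ID_HERE"
GROUP_SEARCH_BASE = f"o={ORG},dc=jumpcloud,dc=com"        # value from the article
GROUP_OBJECT_FILTER = "(&(objectClass=groupOfNames))"     # value from the article
USER_DN = f"uid=jdoe,ou=Users,o={ORG},dc=jumpcloud,dc=com"
DIRECTORY = [
    (USER_DN, {"objectClass": ["inetOrgPerson"], "uid": ["jdoe"]}),
    (f"cn=vpn-users,ou=Users,o={ORG},dc=jumpcloud,dc=com",
     {"objectClass": ["groupOfNames", "posixGroup"],
      "member": [USER_DN], "memberUid": ["jdoe"]}),
    (f"cn=admins,ou=Users,o={ORG},dc=jumpcloud,dc=com",
     {"objectClass": ["groupOfNames", "posixGroup"],
      "member": [], "memberUid": []}),
]

def parse_filter(text, i=0):
    """Parse one parenthesised RFC 4515 filter: &, |, !, attr=value, attr=*."""
    if text[i + 1] in "&|!":                 # compound filter, e.g. (&(a=b)(c=d))
        op, i, kids = text[i + 1], i + 2, []
        while text[i] == "(":
            node, i = parse_filter(text, i)
            kids.append(node)
        return (op, kids), i + 1             # skip the closing ')'
    end = text.index(")", i)                 # simple item: (attr=value)
    attr, value = text[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes (case-insensitive)."""
    op = node[0]
    if op in ("&", "|"):
        return (all if op == "&" else any)(matches(k, attrs) for k in node[1])
    if op == "!":
        return not matches(node[1][0], attrs)
    values = next((v for k, v in attrs.items() if k.lower() == node[1]), [])
    if node[2] == "*":                       # presence test, e.g. (memberUid=*)
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)

def search(base, filter_text, directory=DIRECTORY):
    """Return DNs under `base` that satisfy the filter, as a subtree search would."""
    node, _ = parse_filter(filter_text)
    return [dn for dn, attrs in directory
            if dn.lower().endswith(base.lower()) and matches(node, attrs)]

def user_groups(uid, directory=DIRECTORY):
    """Assumed posix-group-object semantics: member when the group's memberUid lists uid."""
    attrs_by_dn = dict(directory)
    return [dn for dn in search(GROUP_SEARCH_BASE, GROUP_OBJECT_FILTER, directory)
            if uid in attrs_by_dn[dn].get("memberUid", [])]
```

A group the filter matches but whose memberUid does not list the user (cn=admins above) grants nothing, which is the behaviour to confirm when a user unexpectedly passes or fails the Fortigate group check.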