Forticloud setup instructions for Primary Technical Contacts

Create Account/Reset Password

1. Visit https://support.fortinet.com
2. Select "Create Account"
3. Enter your email address from your support@nextdlp.com confirmation email
4. In the Captcha verification page, click the I am human checkbox and complete the verification, then click Get Email Verification Code.
5. Enter the verification code that is sent to your email, in the Email Verification Code field, then click Next.
6. The next page will show "Your Email address has been recognized". Click Next.
7. The FortiCloud login page is then displayed. Click the "Forgot password?" link there.
8. Enter your email address in the Email field, complete the Captcha, then click Submit.
9. You should receive an email from cs@fortinet.com "Your Fortinet Account Password" with a password reset link. Click the link and complete password reset.
10. Login with your new password. After you submit the verification code sent to your email from noreply@fortinet-notifications.com, login to FortiCloud will complete.

Sign in and confirm FortiDLP license & seats

1. Visit https://support.fortinet.com 
2. Select Log in using EMAIL LOGIN (default)
3. Enter email address and new password
4. Enter any security codes emailed for 2FA/email verification
5. Read and accept any terms and conditions
6. Under Asset Management, select Account Services
7. Select the DLP SKU from the list
8. Confirm the number of seats is correct

Set up permissions profiles for FortiDLP and support services access

1. Select IAM from Services in top bar
2. Select Permissions profiles
3. Click Add New
4. Enter a descriptive name e.g. FortiDLP Analyst Role
5. Type = Local
6. Click Add Portal
7. Select FortiDLP (Beta)
8. Click Add
9. Toggle “Access” For the FortiDLP box that appears
10. Choose an access type from the radio boxes
11. Optional – add FortiCare New permissions for access to create/view support tickets
12. Click Submit

Once permissions profiles have been configured, customers have the option to either configure IAM accounts for additional users within FortiCloud itself, or else configure their own external Identity Provider using SAML 2.0 Federation.

Option A) External Identity Provider Federation (preview feature)

1. Register a new SAML application in your Identity provider, using dummy values for the entity ID and ACS URL.
2. Download the federation metadata XML file
3. Email forticloud-enroll-extidp@fortinet.com with your enrollment information and attach federation XML file

Example submission Form:

=============================================================

Date: 2025-02-12

Company Name: Example Company

Contact Name: James Smith

Contact Email: james.smith@example.com

IdP Name: Azure/Entra ID

SAML Version: 2.0

IDP Metadata: Attached

IdP Enforces 2FA: Yes

IdP transition period: 1 month

FortiCloud Accounts:

1965291 - james.smith@example.com

=============================================================

The ID number in bold can be found by selecting the Account details button in the top right of any FortiCloud page

Any email response should come through from the Fortinet operations team with the correct URLs and Entity IDs to continue setup. 

An example video of the final configuration steps can be found for Microsoft Azure here:

https://video.fortinet.com/products/forticloud/General/setting-up-azure-as-external-idp-in-forticloud#

and Okta here:

https://video.fortinet.com/products/forticloud/General/setting-up-okta-as-external-idp-in-forticloud

Option B) Create IAM users for FortiDLP access

1. Select IAM from Services in top bar
2. Select Users
3. Select Add New and IAM user
4. Enter all required details
5. Do not select an existing user
6. Click Next
7. Type = Organisation
8. Permission Scope, Account = The only account listed (lowest tier in tree)
9. Choose a permissions profile previously created
10. Click Next
11. Click Confirm
12. Click Generate Password (twice)
13. Note down the password reset link and share it with the chosen user

Steps for new IAM users to set their own password and sign in

1. The final IAM user should visit the password reset link provided by the primary technical contact from the previous step.
2. It is important that the end user notes down both the username and account ID from reset password page. It can be difficult to obtain this later without asking the primary technical contact.
3. Enter a password and submit
4. Visit https://support.fortinet.com 
5. Select IAM LOGIN
6. Enter account ID, username and password from step 2
7. Enter the security code
8. Verify email address with code and captcha
9. To access the FortiDLP tenant, select "FortiDLP (Beta) from the Services menu, it may be under "show more".