All Collections
Fortinet FortiNAC [Beta]
Fortinet FortiNAC [Beta]

FortiNAC provides devices and software to help businesses manage Wi-Fi network access for guests.

Updated over a week ago

The FortinNAC app enables you to easily provide each of your visitors with unique access to your Wi-Fi network.

How does this application work?

When a visitor signs in with Envoy, FortiNAC receives their information and automatically provisions a temporary code to access your Wi-Fi network. Envoy then sends this code to the visitor via email or text message.

Note: For this application to work, you must collect either visitor email addresses or phone numbers at sign-in. Learn more about how to configure your Envoy sign-in fields.


  • MUST BE ON VERSION 9.4.5 of FortiNAC or higher, a previous API bug was patched on the Fortinet side in this version.

  • The following IPs must be whitelisted for inbound and outbound communication:

    • Static IP #1:

    • Static IP #2:

    • Static IP #3:

  • Validate the port configured within FortiNAC and confirm the port is whitelisted alongside the IPs above.

  • Create an API key user using the following guide.

    • Create new User ID with the following name: envoy-api-admin

    • Under "Allowed Subnets", add Envoy's IPs listed above to allow requests from our system using the FortiAPI.

    • Endpoints used as part of the integration:

      • GET/POST/PATCH user

      • GET user/guest-templates

    • Ensure permission sets should match the following:

      • Guest/Contractor Templates -> Access

      • Users -> Add/Modify

    • If you run into API key creation, please contact your Fortinet support rep.

Enabling the Envoy + FortiNAC application

  1. Under Wi-Fi, find Fortinet. Click “Install” and then “Configure”.

  2. Enter your FortiNAC domain and port.

  3. Enter your API key created above as a prerequisite, then click “Next step”. Please ensure that this user has sufficient permissions noted above.

  4. Select your Guest Template from the drop-down, then click “Next Step”. Please ensure this Guest Template has a guest network and portal configured.

  5. Under Visitors configuration:

    1. Required: Select access duration for guest credentials to remain active at creation

    2. Optional: Select Visitor types to block from receiving Wi-Fi credentials.

    3. Optional: Send guest Wi-Fi credentials to hosts. This is useful when visitors do not have easy access to email or text messages or if they are not required to enter their email address or phone number at sign-in.

    4. Optional: Delete guests on sign-out: this will delete the guest accounts for the visitors on sign-out.

  6. Click “Complete setup.”

Did this answer your question?