All guest accounts created using the account registration feature will be placed under the Guest_Portal_Users group, as indicated by the setting 'Place registered users into a group: Guest_Portal_Users'. Guest users must fill in all the fields on the registration form because multiple fields such as 'First name,' 'Last name,' 'Email address,' 'Phone number,' and 'Mobile number' are selected under 'Required field configuration.'

To connect to FortiAuthenticator, the SCEP client requires HTTP/HTTPS services to be enabled. These protocols are necessary for secure communication and data exchange between the client and the server. OCSP, SSH, and REST API are not required for this purpose.

EAP-TTLS (Extensible Authentication Protocol - Tunneled Transport Layer Security) is an authentication method that uses digital certificates only on the server side, which securely authenticates the server to the client. This method requires an EAP server certificate. Unlike EAP-TLS, which requires certificates on both the server and client sides, EAP-TTLS facilitates a simpler deployment by eliminating the need for client-side certificates.

Protected Extensible Authentication Protocol (PEAP) is known as the outer authentication method. It provides a secure transportation channel for the inner authentication methods, like EAP-TLS or MSCHAPv2, by encapsulating the EAP within an encrypted and authenticated TLS tunnel. This is why PEAP is considered the outer authentication method.

FortiAuthenticator can be configured as both an Identity Provider (IdP) and a Service Provider (SP) in the context of SAML roles. An Identity Provider is responsible for authenticating a user and asserting their identity to the service provider. A Service Provider receives and uses the identity assertion from the Identity Provider. The options provided align with these roles.