What's new in FortiAuthenticator 6.0.1
The following list contains new and expanded features added in FortiAuthenticator 6.0.1.
Support for FortiToken Cloud
FortiAuthenticator adds support for token-based authentication through the FortiToken Cloud service. This service offers centralized and simplified management of two-factor tokens. You will be able to use this feature when the FortiToken Cloud service provides support for FortiAuthenticator.
Guest portals: Automatic login after registration
When configuring a guest portal, you have the option to automatically log new users into the guest network after they successfully register.
Client certificate for TLS authentication with remote LDAP servers
FortiAuthenticator can be configured to communicate with a remote LDAP server over TLS, using a client certificate to authenticate the TLS connection. This is useful in cases where you want to connect FortiAuthenticator as an LDAP client to secure LDAP services, such as the one offered by G Suite.
SAML IdP enhancements
The SAML IdP feature includes a few customization enhancements. You can:
- use different IdP-signing certificates for each Service Provider (SP). This can be useful when renewing a certificate before expiry, allowing staged updates of the various SPs.
- specify up to three alternative ACS login URLs for each SP.
- customize the replacement message for the SAML IdP Request Expired page. This page appears when the SP request expires due to the end-user waiting too long on the SAML IdP login page before proceeding with the login.
Node-specific default gateway
You can now define a node-specific default gateway for the FortiAuthenticator device if it differs from the default gateway of the other HA cluster member. To add the default gateway go so System > Administration > High Availability or use the following CLI command:
configure system ha
set ns-gw <gateway>
More granular control for purging disabled user accounts
When configuring the general user account policy settings, you have the option to automatically purge disabled user accounts on an hourly basis.
REST API enhancement: OAuth verify token returns username
The /oauth/verify_token/ endpoint now returns the username associated to the valid OAuth token.