Administration Guide

Introduction

The FortiAuthenticator device is an identity and access management solution. Identity and access management solutions are an important part of an enterprise network, providing access to protected network assets and tracking user activities to comply with security policies.

FortiAuthenticator provides user identity services to the Fortinet product range, as well as third-party devices.

FortiAuthenticator delivers multiple features including:

  • Authentication: FortiAuthenticator includes Remote Authentication Dial In User Service (RADIUS) and Lightweight Directory Access Protocol (LDAP) server authentication methods, and Security Assertion Markup Language (SAML), which is used for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP).
  • Two-Factor Authentication: FortiAuthenticator can act as a two-factor authentication server with support for one-time passwords (OTP) using FortiToken Hardware, FortiToken Mobile, Short Message Service (SMS), or email. FortiAuthenticator two-factor authentication is compatible with any system which supports RADIUS.
  • IEEE 802.1X Support: FortiAuthenticator supports 802.1X for use in FortiGate Wireless and Wired networks.
  • User Identification: FortiAuthenticator can identify users through multiple data sources, including Active Directory (AD), desktop client, guest portal logon, RADIUS accounting, Kerberos, and a Representational State Transfer (REST) API. It can then communicate this information to FortiGate or FortiMail units for use in identity-based policies.
  • Certificate Management: FortiAuthenticator can create and sign digital certificates for use, for example, in FortiGate VPNs and with the FortiToken 300 USB certificate store.
  • Integration: FortiAuthenticator can integrate with third-party RADIUS, LDAP, and SAML authentication systems, allowing you to reuse existing information sources. The REST API can also be used to integrate with external provisioning systems.

FortiAuthenticator is a critical system, and should be isolated on a network interface that is separated from other hosts to facilitate server-related firewall protection. Be sure to take steps to prevent unauthorized access to the FortiAuthenticator.

FortiAuthenticator on a multiple FortiGate unit network

The FortiAuthenticator series of identity and access management appliances complements the FortiToken range of two-factor authentication tokens for secure remote access. FortiAuthenticator allows you to extend the support for FortiTokens across your enterprise by enabling authentication with multiple FortiGate appliances and third-party devices. FortiAuthenticator and FortiToken deliver cost-effective, scalable, secure authentication to your entire network infrastructure.

The FortiAuthenticator device provides an easy-to-configure remote authentication option for FortiGate users. Additionally, it can replace the Fortinet Single Sign-On (FSSO) Agent on a Windows AD network.

For more information about FortiTokens, see the FortiToken information page on the Fortinet web site.
