Fortinet white logo
Fortinet white logo

Administration Guide

FortiAuthenticator 6.0.1

FortiAuthenticator 6.0.1

The following list contains new and expanded features added in FortiAuthenticator 6.0.1.

Support for FortiToken Cloud

FortiAuthenticator adds support for token-based authentication through the FortiToken Cloud service. This service offers centralized and simplified management of two-factor tokens. You will be able to use this feature when the FortiToken Cloud service provides support for FortiAuthenticator.

Guest portals: Automatic login after registration

When configuring a guest portal, you have the option to automatically log new users into the guest network after they successfully register.

Client certificate for TLS authentication with remote LDAP servers

FortiAuthenticator can be configured to communicate with a remote LDAP server over TLS, using a client certificate to authenticate the TLS connection. This is useful in cases where you want to connect FortiAuthenticator as an LDAP client to secure LDAP services, such as the one offered by G Suite.

SAML IdP enhancements

The SAML IdP feature includes a few customization enhancements. You can:

  • use different IdP-signing certificates for each Service Provider (SP). This can be useful when renewing a certificate before expiry, allowing staged updates of the various SPs.
  • specify up to three alternative ACS login URLs for each SP.
  • customize the replacement message for the SAML IdP Request Expired page. This page appears when the SP request expires due to the end-user waiting too long on the SAML IdP login page before proceeding with the login.

Node-specific default gateway

You can now define a node-specific default gateway for the FortiAuthenticator device if it differs from the default gateway of the other HA cluster member. To add the default gateway go so System > Administration > High Availability or use the following CLI command:

configure system ha

set ns-gw <gateway>

More granular control for purging disabled user accounts

When configuring the general user account policy settings, you have the option to automatically purge disabled user accounts on an hourly basis.

REST API enhancement: OAuth verify token returns username

The /oauth/verify_token/ endpoint now returns the username associated to the valid OAuth token.

FortiAuthenticator on Azure Marketplace

FortiAuthenticator VM image has been submitted to the Microsoft Azure Marketplace. The image will be available in the Azure Marketplace when the submission process is complete.

FortiAuthenticator 6.0.1

FortiAuthenticator 6.0.1

The following list contains new and expanded features added in FortiAuthenticator 6.0.1.

Support for FortiToken Cloud

FortiAuthenticator adds support for token-based authentication through the FortiToken Cloud service. This service offers centralized and simplified management of two-factor tokens. You will be able to use this feature when the FortiToken Cloud service provides support for FortiAuthenticator.

Guest portals: Automatic login after registration

When configuring a guest portal, you have the option to automatically log new users into the guest network after they successfully register.

Client certificate for TLS authentication with remote LDAP servers

FortiAuthenticator can be configured to communicate with a remote LDAP server over TLS, using a client certificate to authenticate the TLS connection. This is useful in cases where you want to connect FortiAuthenticator as an LDAP client to secure LDAP services, such as the one offered by G Suite.

SAML IdP enhancements

The SAML IdP feature includes a few customization enhancements. You can:

  • use different IdP-signing certificates for each Service Provider (SP). This can be useful when renewing a certificate before expiry, allowing staged updates of the various SPs.
  • specify up to three alternative ACS login URLs for each SP.
  • customize the replacement message for the SAML IdP Request Expired page. This page appears when the SP request expires due to the end-user waiting too long on the SAML IdP login page before proceeding with the login.

Node-specific default gateway

You can now define a node-specific default gateway for the FortiAuthenticator device if it differs from the default gateway of the other HA cluster member. To add the default gateway go so System > Administration > High Availability or use the following CLI command:

configure system ha

set ns-gw <gateway>

More granular control for purging disabled user accounts

When configuring the general user account policy settings, you have the option to automatically purge disabled user accounts on an hourly basis.

REST API enhancement: OAuth verify token returns username

The /oauth/verify_token/ endpoint now returns the username associated to the valid OAuth token.

FortiAuthenticator on Azure Marketplace

FortiAuthenticator VM image has been submitted to the Microsoft Azure Marketplace. The image will be available in the Azure Marketplace when the submission process is complete.