Optional configuration settings

FortiAuthenticator Agent for Microsoft Windows includes a range of settings specific to the behavior in the event of failure and when recovery is required. These features are described below.

Timeout

Timeout configures the behavior to adopt should the FortiAuthenticator become unavailable or slow to respond. By default, a request is considered unresponsive after five seconds, and three consecutive requests are made, so an unavailable system takes 15 seconds to time out. These default settings can be customized to make the system time out sooner or later if necessary.

Cached credentials

The cached credentials configuration details how the system should behave if the device is away from the domain and the domain controller is not available to process the login. In this situation cached credentials can be allowed by the administrator to enable users to continue working, such as when at home. Cached credentials are accepted for the validity period specified, after which time the user must return to the domain and properly authenticate.

Override users

Override users are users whose tokens can be used to log other users into their systems. The purpose of such an override is to allow emergency access to a system when a user token is not available (e.g. lost, forgotten, or misplaced).

When this feature is enabled, the user can log in with the Administrator Override checkbox enabled. This creates an additional dialog during the login process to enter the Administrator Name that corresponds to the override OTP token.

Exempt users and groups

If local administrators are removed from Windows and all domain users are protected by two-factor authentication, but the Agent/FortiAuthenticator are incorrectly configured, users can be permanently locked out of the system, which may require a system reinstallation. It is therefore recommended that at least one exempt user is configured who can log in without the need to enter a two-factor authentication token. You may also exempt user groups.

Exempt users can log in and recover any misconfiguration, avoiding the need for reinstallation of the operating system.

Contact secondary FortiAuthenticator for load-balancing HA

The agent can be set to try to reach a secondary FortiAuthenticator if the primary is unreachable. When configured, the primary and secondary are used round-robin style (for retries) upon each authentication.

Default domain for logon

The logon screen can be set to a default domain. Select None, Most Recent, or a specific domain from the dropdown list available on the computer. For more information, see the Installation parameters.
