Before any device can connect to the FortiAuthenticator, it must be configured as a RADIUS client and assigned to a RADIUS policy. Until this is done, FortiAuthenticator will ignore authentication requests. You must repeat this process for each device that you wish to authenticate against the FortiAuthenticator.
- In Authentication > RADIUS Service > Clients, click Create New.
- Enter a unique name for the RADIUS client and the IP from which it will be connecting.
  This is the IP address of the RADIUS client itself, e.g., FortiGate, not the IP address of the end-user's device.
- Enter a password for Secret.
  The secret is a pre-shared secure password that the device, e.g., FortiGate, uses to authenticate to FortiAuthenticator.
- Click OK to save changes to the RADIUS client.
- In Authentication > RADIUS Service > Policies, click Create New.
- For RADIUS clients, enter an identifiable policy name and description, and add the newly created RADIUS client to the policy. Click Next.
- For RADIUS attribute criteria, no settings are required. Click Next.
- For Authentication type, select Password/OTP authentication, and click Next.
- For Identity source, choose a username format, and select the local realm. Click Next.
- For Authentication factors, select Verify all configured authentication factors, and click Next.
  In this menu you can also enable the option to Allow FortiToken Mobile push notifications.
- For RADIUS response, review the policy, and click Save and exit.
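
To show why both the client IP address and the Secret entered above must match, here is an added example (not Fortinet code, and not part of the original page) that models the RADIUS exchange as specified in RFC 2865 and RFC 3579. The server function is a toy stand-in that only performs the client lookup and secret check, with user credential verification omitted; the IP address and secret are constructed sample values.

```python
import hashlib, hmac, os, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(kind: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return bytes([kind, len(value) + 2]) + value

def build_access_request(user: bytes, password: bytes, secret: bytes, ident: int = 1) -> bytes:
    """Client side (e.g. the device registered as a RADIUS client)."""
    req_auth = os.urandom(16)
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    attrs += attr(80, bytes(16))  # Message-Authenticator, zeroed while the HMAC is computed
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac

def server_handle(packet: bytes, src_ip: str, clients: dict):
    """Toy server: returns a reply, or None when the request is silently discarded."""
    secret = clients.get(src_ip)
    if secret is None:                   # source IP is not a configured RADIUS client
        return None
    zeroed = packet[:-16] + bytes(16)    # Message-Authenticator is the last attribute here
    if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), packet[-16:]):
        return None                      # shared secret mismatch
    head = struct.pack("!BBH", 2, packet[1], 20)  # Access-Accept with no attributes
    return head + hashlib.md5(head + packet[4:20] + secret).digest()

def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

# Constructed sample values, not from the page.
CLIENTS = {"192.0.2.10": b"constructed-shared-secret"}
```

A request from an address missing from `CLIENTS`, or one built with a different secret, gets no reply at all, which is what an unregistered or misconfigured device observes as a timeout.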