What's new

FortiAuthenticator version 6.4.0 includes the following enhancements:

User Portal: LDAP users can set their security questions and answers

FortiAuthenticator now allows LDAP users to set up and edit security questions and answers in the user portal similar to local users.

SAML IdP: Support for multiple domains with O365

FortiAuthenticator now allows configuring the SAML IdP service with a Service Provider (SP) containing multiple IdP prefixes.

When creating or editing a SAML SP in Authentication > SAML IdP > Service Providers, you can configure alternate IdP prefixes.

SAML IdP and User Portals: FIDO2 authentication

FortiAuthenticator now offers FIDO (Fast IDentity Online) service for SAML and general API-based authentication.

A new fido field is available in localusers, ldapusers, and radiususers endpoints providing the ability to enable or disable FIDO authentication for local and remote user accounts. For information about the new fido field, see the REST API Solutions Guide.

When creating or editing a local or remote user in Authentication > User Management > Local Users/Remote Users, the following options have been renamed:

  • Password-based authentication to Password authentication.

  • Token-based authentication to One-Time Password (OTP) authentication.

A new FIDO authentication toggle is available that allows using FIDO authenticators.

The Create New/Edit Remote LDAP User Synchronization Rule window in Authentication > User Management > Remote User Sync Rules now has a new FIDO authentication toggle to enable FIDO authentication for synced user accounts. Also, the Token-based authentication sync priorities option in Synchronization Attributes has been renamed to OTP method assignment priority.

A new FIDO Revocation toggle is available in the Pre-Login Services pane when creating or editing a portal in Authentication > Portals > Portals. The Token Revocation toggle has been renamed to FortiToken Revocation. New Allow FIDO token registration/revocation toggles are also available for FIDO token management when Token Registration is enabled in the Post-Login Services pane.

A new FIDO authentication (effective once a token has been registered) toggle is available in the Authentication factors tab when creating or editing a captive portal policy or a self-service portal policy in Authentication > Portals > Policies.

The following options have been renamed in the Authentication factors tab:

  • Mandatory two-factor authentication to Mandatory password and OTP.

  • Verify all configured authentication factors to Every configured password and OTP factors.

  • Password-only authentication to Password-only.

  • Token-only authentication to OTP-only.

The above options were also renamed for RADIUS policies and TACACS+ policies in Authentication > RADIUS Service > Policies and Authentication > TACACS+ Service > Policies respectively.

With the inclusion of FIDO authentication, FortiTokens are no longer the only MFA method that can be self-registered. Therefore, the self-service portal main page now offers a Multi-Factor menu item replacing FortiTokens. The Multi-Factor menu item now offers FIDO token management capabilities.

The following replacement messages related to FIDO authentication have been added to Authentication > Portals > Replacement Messages:

  • FIDO Login Page

  • FIDO Login Password Page

  • User Fido Reset Email Subject

  • User Fido Reset Receipt Email Message

When creating or editing a SAML SP in Authentication > SAML IdP > Service Providers, FIDO-only and Password and FIDO authentication methods are now available.

A new Use FIDO-only authentication if requested by the SP toggle is also available.

The following authentication methods have been renamed:

  • Mandatory two-factor authentication to Mandatory password and OTP.

  • Verify all configured authentication factors to Every configured password and OTP factors.

  • Password-only authentication to Password-only.

  • Token-only authentication to OTP-only.

The following replacement messages related to FIDO authentication have been added to Authentication > SAML IdP > Replacement Messages:

  • Login Fido Page (username only)

  • Login Fido Password Page

Guest Portal: Restrict groups available to sponsors

When creating or editing a local user group in Authentication > User Management > User Groups, there is a new Guest Group toggle that allows including or excluding this local user group from the list of groups that sponsors can assign to new guest user accounts.

Format option for mobile number in SMS gateways

When creating or editing an SMS gateway in System > Messaging > SMS Gateways, you can now specify whether the mobile number is sent as a JSON String or a JSON Number using the Send Mobile Number as option in the HTTP/HTTPS pane.

Ability to unlock FTMs in bulk

Using the new Unlock option in the FortiTokens tab available in Authentication > User Management > FortiTokens, you can unlock all the selected FortiTokens at once.

Usage Profile: Reset the user's usage

A new Clear option is available in the Cumulative tab in Monitor > Authentication > RADIUS Sessions to clear the cumulative RADIUS accounting sessions.