Fortinet black logo

Release Notes

Home FortiAuthenticator 6.4.5 Release Notes

What's new

6.4.5
6.6.0
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.2
6.2.1
6.2.0
6.1.3
6.1.2
6.1.1
6.1.0
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.5.0
5.4.1
5.4.0
5.3.1
5.3.0
5.2.2
5.2.1
5.2.0
5.1.2
5.1.1
5.1.0
5.0.0
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.1
4.2.0
Copy Link
Copy Doc ID 6f1dd90b-0d19-11ed-bb32-fa163e15d75b:568509
Download PDF

What's new

FortiAuthenticator version 6.4.5 includes the following enhancement:

FSSO: Zero trust tunnel related improvements

When a remote LDAP server is configured with zero trust tunnel enabled, FSSO communications to the AD servers go through a zero trust tunnel, including:

  • LDAP binds/queries for domain servers auto-discovery

  • LDAP binds/queries for group lookups

FortiAuthenticator now accepts DC agent connections over TLS. In Fortinet SSO Methods > SSO > General, Require authentication for TS agents (disables DC agent support) in Enable DC/TS Agent Clients has been renamed to Require encryption for DC/TS agents.

FortiAuthenticator now offers a server-side TLS support option so that FortiGate as an FSSO client can be configured to connect to FortiAuthenticator over a TLS connection.

A new Enable encryption toggle in the FortiGate pane in Fortinet SSO Methods > SSO > General.

SAML SP/IdP Proxy: Enforce MFA

FortiAuthenticator can now enforce MFA on remote SAML IdP servers.

FortiAuthenticator now offers a new MFA (https://refeds.org/profile/mfa) authentication context value when creating or editing a remote SAML authentication server in Authentication > Remote Auth. Servers > SAML.

Remote authentication: Restrict authentication to only imported user accounts

When configuring a realm in Authentication > User Management > Realms, FortiAuthenticator now offers a new Restrict authentication to imported user account only option to enable/disable authentication of remote users without an imported account on FortiAuthenticator.

Previous
Next

What's new

FortiAuthenticator version 6.4.5 includes the following enhancement:

FSSO: Zero trust tunnel related improvements

When a remote LDAP server is configured with zero trust tunnel enabled, FSSO communications to the AD servers go through a zero trust tunnel, including:

  • LDAP binds/queries for domain servers auto-discovery

  • LDAP binds/queries for group lookups

FortiAuthenticator now accepts DC agent connections over TLS. In Fortinet SSO Methods > SSO > General, Require authentication for TS agents (disables DC agent support) in Enable DC/TS Agent Clients has been renamed to Require encryption for DC/TS agents.

FortiAuthenticator now offers a server-side TLS support option so that FortiGate as an FSSO client can be configured to connect to FortiAuthenticator over a TLS connection.

A new Enable encryption toggle in the FortiGate pane in Fortinet SSO Methods > SSO > General.

SAML SP/IdP Proxy: Enforce MFA

FortiAuthenticator can now enforce MFA on remote SAML IdP servers.

FortiAuthenticator now offers a new MFA (https://refeds.org/profile/mfa) authentication context value when creating or editing a remote SAML authentication server in Authentication > Remote Auth. Servers > SAML.

Remote authentication: Restrict authentication to only imported user accounts

When configuring a realm in Authentication > User Management > Realms, FortiAuthenticator now offers a new Restrict authentication to imported user account only option to enable/disable authentication of remote users without an imported account on FortiAuthenticator.

Previous
Next