Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

What's new

FortiAuthenticator version 6.4.5 includes the following enhancement:

FSSO: Zero trust tunnel related improvements

When a remote LDAP server is configured with zero trust tunnel enabled, FSSO communications to the AD servers go through a zero trust tunnel, including:

  • LDAP binds/queries for domain servers auto-discovery

  • LDAP binds/queries for group lookups

FortiAuthenticator now accepts DC agent connections over TLS. In Fortinet SSO Methods > SSO > General, Require authentication for TS agents (disables DC agent support) in Enable DC/TS Agent Clients has been renamed to Require encryption for DC/TS agents.

FortiAuthenticator now offers a server-side TLS support option so that FortiGate as an FSSO client can be configured to connect to FortiAuthenticator over a TLS connection.

A new Enable encryption toggle in the FortiGate pane in Fortinet SSO Methods > SSO > General.

SAML SP/IdP Proxy: Enforce MFA

FortiAuthenticator can now enforce MFA on remote SAML IdP servers.

FortiAuthenticator now offers a new MFA (https://refeds.org/profile/mfa) authentication context value when creating or editing a remote SAML authentication server in Authentication > Remote Auth. Servers > SAML.

Remote authentication: Restrict authentication to only imported user accounts

When configuring a realm in Authentication > User Management > Realms, FortiAuthenticator now offers a new Restrict authentication to imported user account only option to enable/disable authentication of remote users without an imported account on FortiAuthenticator.

What's new

FortiAuthenticator version 6.4.5 includes the following enhancement:

FSSO: Zero trust tunnel related improvements

When a remote LDAP server is configured with zero trust tunnel enabled, FSSO communications to the AD servers go through a zero trust tunnel, including:

  • LDAP binds/queries for domain servers auto-discovery

  • LDAP binds/queries for group lookups

FortiAuthenticator now accepts DC agent connections over TLS. In Fortinet SSO Methods > SSO > General, Require authentication for TS agents (disables DC agent support) in Enable DC/TS Agent Clients has been renamed to Require encryption for DC/TS agents.

FortiAuthenticator now offers a server-side TLS support option so that FortiGate as an FSSO client can be configured to connect to FortiAuthenticator over a TLS connection.

A new Enable encryption toggle in the FortiGate pane in Fortinet SSO Methods > SSO > General.

SAML SP/IdP Proxy: Enforce MFA

FortiAuthenticator can now enforce MFA on remote SAML IdP servers.

FortiAuthenticator now offers a new MFA (https://refeds.org/profile/mfa) authentication context value when creating or editing a remote SAML authentication server in Authentication > Remote Auth. Servers > SAML.

Remote authentication: Restrict authentication to only imported user accounts

When configuring a realm in Authentication > User Management > Realms, FortiAuthenticator now offers a new Restrict authentication to imported user account only option to enable/disable authentication of remote users without an imported account on FortiAuthenticator.