FortiAuthenticator version 6.4.5 includes the following enhancements:
When a remote LDAP server is configured with zero trust tunnel enabled, FSSO communications to the AD servers go through a zero trust tunnel, including:
LDAP binds/queries for domain servers auto-discovery
LDAP binds/queries for group lookups
FortiAuthenticator now accepts DC agent connections over TLS. In Fortinet SSO Methods > SSO > General, under Enable DC/TS Agent Clients, the Require authentication for TS agents (disables DC agent support) option has been renamed to Require encryption for DC/TS agents.
FortiAuthenticator now offers a server-side TLS support option so that FortiGate as an FSSO client can be configured to connect to FortiAuthenticator over a TLS connection.
A new Enable encryption toggle is available in the FortiGate pane in Fortinet SSO Methods > SSO > General.
FortiAuthenticator can now enforce MFA on remote SAML IdP servers.
FortiAuthenticator now offers a new MFA (https://refeds.org/profile/mfa) authentication context value when creating or editing a remote SAML authentication server in Authentication > Remote Auth. Servers > SAML.
When configuring a realm in Authentication > User Management > Realms, FortiAuthenticator now offers a new Restrict authentication to imported user account only option to enable/disable authentication of remote users without an imported account on FortiAuthenticator.
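To illustrate the MFA authentication context value mentioned above, this added example (generic SAML 2.0 handling, not Fortinet code) shows how a service provider can check that a response from a remote IdP asserts https://refeds.org/profile/mfa and reject it otherwise. The function names and the sample responses are constructed for illustration, and the code assumes the response signature has already been validated.

```python
import xml.etree.ElementTree as ET

REFEDS_MFA = "https://refeds.org/profile/mfa"  # context value named in the release note
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def authn_contexts(response_xml):
    """Return the AuthnContextClassRef of each AuthnStatement ('' if absent).

    Assumption: the signature was verified before this call and assertions
    are not encrypted. Production code should also use a hardened XML parser.
    """
    root = ET.fromstring(response_xml)
    refs = []
    for stmt in root.findall("./saml:Assertion/saml:AuthnStatement", NS):
        ref = stmt.find("./saml:AuthnContext/saml:AuthnContextClassRef", NS)
        refs.append((ref.text or "").strip() if ref is not None else "")
    return refs


def mfa_asserted(response_xml, required=REFEDS_MFA):
    """Fail closed: need at least one AuthnStatement, all with the exact value."""
    refs = authn_contexts(response_xml)
    return bool(refs) and all(r == required for r in refs)


def sample_response(class_ref):
    """Build a constructed, unsigned SAML response for demonstration only."""
    stmt = ""
    if class_ref is not None:
        stmt = ('<saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">'
                "<saml:AuthnContext><saml:AuthnContextClassRef>"
                f"{class_ref}"
                "</saml:AuthnContextClassRef></saml:AuthnContext>"
                "</saml:AuthnStatement>")
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}">'
            f"<saml:Assertion>{stmt}</saml:Assertion></samlp:Response>")


if __name__ == "__main__":
    password_only = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    for label, ref in [("mfa", REFEDS_MFA), ("password", password_only), ("none", None)]:
        print(label, mfa_asserted(sample_response(ref)))
```

A response that carries no AuthnStatement, or a password-only context, is treated as not satisfying MFA.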