Licensing
FortiAuthenticator-VM works in evaluation mode until it is licensed. In evaluation mode, only a limited number of users can be configured on the system. To expand this capability, a stackable license can be applied to the system to increase both the user count, and all other metrics associated with the user count.
When a license is purchased, a registration code is provided. Go to support.fortinet.com and register your device by entering the registration code. You are asked for the IP address of your FortiAuthenticator device, and are then provided with a license key.
Ensure that the IP address specified while registering your unit is configured on one of the device’s network interfaces, then upload the license key to your FortiAuthenticator-VM.
The License Information widget shows the current state of the device license. See License information widget.
To license FortiAuthenticator:
- Register your device at the Fortinet Support website.
- Ensure that one of your device’s network interfaces is configured to the IP address specified during registration.
- Go to System > Administration > Licensing.
- Select Upload a File and locate the license file you received from Fortinet.
- Select Upload.
FortiAuthenticator licenses
FortiAuthenticator licenses include the following components:
- Maximum number of users (FortiAuthenticator-VM models only).
- Maximum number of SSO Mobility Agent clients (all models).
- Expiry date (trial licenses only; full licenses are perpetual).
FortiAuthenticator-VM licenses with user limits:
FortiAuthenticator-VM licenses include a user limit which applies to:
- The number of user accounts configured on the FortiAuthenticator (local and remote users combined).
- The number of concurrent FSSO sessions.
- The maximum limits on all other configuration objects are derived as a ratio to the maximum number of users.
SSO Mobility Agent (SSOMA) client limits:
The SSOMA client component is only required for scenarios where you are doing FSSO with SSOMA clients. It determines how many SSOMA clients can concurrently have active FSSO sessions on the FortiAuthenticator.
The FortiAuthenticator sets the maximum number of SSOMA clients to the lowest of these values from its onboard license:
- Maximum FortiClient SSO
- Maximum users
SSOMA, FTM, and SMS licenses are purchased separately, and these limits do not scale with the FortiAuthenticator license user limit. |
Licensing FortiAuthenticator HA units
Primary HA cluster: Each FortiAuthenticator unit is required to have its own license. Both units must have the same license size (users and SSOMA clients).
HA load-balancer: The HA load-balancer needs to have a user license size big enough to be able to replicate the configuration from the primary. While this means a load-balancer could have a smaller license than the primary, administrators must be careful to not undersize load-balancer licenses. The size of the SSOMA license can be different from the primary, depending on which FortiAuthenticator node the SSOMA clients will be connecting to.