MFA (RADIUS) configuration
To integrate the RADIUS service with FortiDeceptor:
1. Configure FortiAuthenticator on the RADIUS server side
- Add the radius clients for remote RADIUS service access.
- In FortiAuthenticator, go to Authentication > RADIUS Service > Clients, and click Create New. The Create New Authentication Client window opens.
- Configure the client service settings. For information, see Clients > To configure a RADIUS client in the FortiAuthenticator Administration Guide.
- Click OK.
- Create a radius policy for the radius client you created.
- Go to Authentication > RADIUS Service > Policies, and click Create New. The RADIUS Policy Creation Wizard opens.
- Follow the steps in the wizard to configure the policy. For information, see Policies > To configure a RADIUS policy in the FortiAuthenticator Administration Guide.
- Click OK.
- (Optional) Create or import a FortiToken.
- In FortiAuthenticator, go to Authentication > User Management > FortiTokens and click Create New.
- Create a local user.
- Go to Authentication > Local Users and click Create New.
- Configure the user settings and click OK.
- After the user is created, enable OTP with FortiToken for this local user.
One-Time Password (OTP authentication Enable. Deliver token by FortiToken
- Activate the FortiToken for this user via an email link.
2. Configure the RADIUS user on FortiDeceptor
- Add the RADIUS server.
- In FortiDeceptor, go to System > RADIUS.
- Configure the server settings and click OK.
We recommend enabling Push notification to mobile of applicable to allow users to authorize the login with a mobile device.
- Add the local user you created in FortiAuthenticator.
- Go to System > Administrators and click Create New.
- Configure the Administrator settings and click OK.
- Click Test Login to verify the credentials.