Administration Guide

Authentication configurations

Authentication configurations define authentication methods for connecting hosts and users. Users can enable hosts to authenticate using a specific authentication method, define authentication duration, and require reauthentication after a defined time period. The authentication configuration that is assigned to a particular host is determined by the pairing of an authentication configuration and a user/host profile within an authentication policy.

Enabling authentication allows the Administrator to determine whether or not hosts connecting to the network will be forced to authenticate. Hosts can be forced to reauthenticate after a specified period of time.

Settings

Field

Definition

Add Filter

Allows you to select a field from the current view to filter information. Select the field from the drop-down list, and then enter the information you wish to filter.

Update Button

Displays the filtered data in the table.

Table columns

Name

The name of the authentication configuration.

Time in Production before Authentication

When a user is waiting to authenticate, the host remains in the production VLAN until this time expires. If the user fails to authenticate within the time specified, the host is moved to the authentication VLAN.

Time Offline before Deauthentication

Once the host is offline, the user remains authenticated for this period of time. If the host comes back online before the time period ends, the user does not need to re-authenticate. If the host comes back online after the time period ends, the user is required to re-authenticate. Hosts that do not match a User/Host profile associated with an authentication policy configuration are deauthenticated after the system default time of 10 minutes. To ensure that all hosts get an authentication policy, create a "Catch All" User/Host profile and associate it with an authentication configuration.

Reauthentication Frequency

When set, this forces users to re-authenticate once the amount of time defined in this field has passed since the last authentication, regardless of the host's state. The host is moved to the authentication VLAN.

Authentication Method

When enabled, the selected authentication method will override all other authentication methods configured in the portal, guest/contractor template, and Persistent Agent Credential configuration.

Invalid Credentials Method

Enables you to modify the error message displayed in the Portal and Persistent Agent when a user fails to successfully authenticate.

Note

User-defined information about the policy configuration.

Last Modified By

User name of the last user to modify the policy configuration.

Last Modified Date

Date and time of the last modification to this policy.

Right click options

Delete

Deletes the selected authentication configuration.

Modify

Opens the modify authentication configuration window for the selected configuration. See Add or modify a policy.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Audit Logs.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.
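
The three timers from the table columns above and the 10-minute system default, modelled as an added example (not Fortinet code) to show how they interact. The class, field and function names, the reason strings and the sample values are assumptions made for illustration, and the handling of the exact expiry second is a modelling choice.

```python
from dataclasses import dataclass
from typing import Optional

# From the page: hosts that match no authentication policy are
# deauthenticated after the system default of 10 minutes offline.
SYSTEM_DEFAULT_OFFLINE_S = 10 * 60


@dataclass(frozen=True)
class AuthConfig:
    """Illustrative stand-in for one row of the table (names are assumed)."""
    name: str
    time_in_production_s: int                 # Time in Production before Authentication
    time_offline_s: int                       # Time Offline before Deauthentication
    reauth_frequency_s: Optional[int] = None  # Reauthentication Frequency (None = not set)


def vlan_while_waiting(cfg: AuthConfig, waited_s: int) -> str:
    """VLAN of a host whose user has not authenticated yet."""
    return "production" if waited_s < cfg.time_in_production_s else "authentication"


def reauth_reason(cfg: Optional[AuthConfig], since_auth_s: int,
                  offline_s: int = 0) -> Optional[str]:
    """Return why the user must re-authenticate now, or None if still valid.

    cfg=None models a host that matches no User/Host profile tied to an
    authentication policy. offline_s is how long the host was offline
    before it came back online (0 = it never went offline).
    """
    if cfg is None:
        if offline_s > SYSTEM_DEFAULT_OFFLINE_S:
            return "system-default-offline"
        return None
    # Counts from the last authentication, regardless of the host's state.
    if cfg.reauth_frequency_s is not None and since_auth_s >= cfg.reauth_frequency_s:
        return "reauth-frequency"
    if offline_s > cfg.time_offline_s:
        return "offline-timeout"
    return None


# Constructed sample: 2 min production window, 1 h offline grace, 8 h reauth.
STAFF = AuthConfig("Staff", 120, 3600, 8 * 3600)

if __name__ == "__main__":
    print(vlan_while_waiting(STAFF, 60))    # still inside the production window
    print(reauth_reason(STAFF, 1800, 900))  # 15 min offline, policy matched
    print(reauth_reason(None, 1800, 900))   # same absence, no policy matched
```

The last two calls use the same 15-minute absence: the host covered by a policy keeps its session, while the unmatched host falls under the 10-minute default, which is the gap the "Catch All" profile closes.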
