FortiAuthenticator is designed specifically to provide authentication services for firewalls, SSL and IPsec VPNs, wireless access points, switches, routers, and servers. FortiAuthenticator includes Remote Authentication Dial-In User Service (RADIUS) and Lightweight Directory Access Protocol (LDAPv3) server authentication methods, and Security Assertion Markup Language (SAML), which is used for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). Authentication servers are an important part of an enterprise network, controlling access to protected network assets, and tracking user activity to comply with security policies.
FortiAuthenticator is not a firewall; it requires either a FortiGate-VM "virtual" or FortiGate "hardware" appliance to provide firewall-related services. Multiple FortiGate appliances can use a single FortiAuthenticator appliance for Fortinet Single Sign-On (FSSO) and other types of remote authentication, two-factor authentication, and FortiToken device management. This centralizes authentication and FortiToken maintenance.
FortiAuthenticator provides an easy-to-configure remote authentication option for FortiGate users. Additionally, it can replace the Fortinet Single Sign-On (FSSO) Agent on a Windows Active Directory (AD) network.