Admin Guide

Create an adaptive authentication policy


  1. From the main menu, click Adaptive Auth > Policy to open the Policy page.
  2. At the top of the page, click Add Policy to open the Add New Policy dialog.
  3. Make the desired entries and/or selections, as described in the following table.
  4. Click Confirm.

Parameter: Description

Name: Specify a unique name for the policy.

Action

Select one of the following:

  • Enforce MFA — By default, the FTC server will require login attempts from the specified source to use MFA.

  • Block — The FTC server will block login attempts from the specified source.

  • Bypass MFA — The FTC server will let the login attempts from the specified source bypass the MFA requirement.

Note: The FTC server takes the specified action when an authentication request matches the policy settings.

Filters

Select the filter:

  • Subnet Filter — See Subnet Filter below.

  • Location Filter — See Location Filter below.

  • No Source Filter — Select this option if you do not want to use any filter.

  • Schedule — Check the checkbox to enable scheduling. See Schedule below for details.

Subnet Filter

Note: This option is available only when Subnet Filter is selected in the Filters field above.

Specify the subnet in one of the following formats:

  • IP address, e.g., 10.10.1.1

  • IP range, e.g., 10.10.0.0 - 10.10.10.2

  • CIDR notation, e.g., 10.10.1.0/24

Note: The No IP option is for devices that do not support subnet filtering. If enabled, the policy will be applied to auth requests that do not have IP information.

Location Filter

Note: This option is available only when Location Filter is selected in the Filters field above.

  • Use the list menu to select the countries or regions of interest.

  • Select Unknown Country or Region if the location is unknown.

Schedule

Note: This option becomes available only when Schedule is selected in the Filters field above. Set the schedule using the following parameters:

  • Weekdays — Select the days of the week.

  • Timezone — Select the timezone, which is the timezone of the web browser by default. When an authentication request comes in, the FTC server uses the time of this timezone to match the request.

  • Time Range — Select either All day (default) or a specific time frame of the day. Note: If the start time is less than or equal to the end time, the time range is start time to end time; otherwise, the time range wraps around midnight and consists of two intervals: 0:00 to end time, and start time to 23:59.
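
As an added example (not Fortinet's code), the following Python sketch models the Subnet Filter formats and the Schedule time-range rule described above, so a policy entry can be checked against sample requests before it is saved; this matters most for Bypass MFA policies. The function names, the policy dictionary, inclusive end times at minute granularity, and evaluating weekdays on the local calendar day are assumptions; the FTC server's actual matching logic is not shown on this page.

```python
from datetime import datetime, time, timedelta, timezone
from ipaddress import ip_address, ip_network


def subnet_matches(spec, src_ip, no_ip=False):
    """Match a source IP against one Subnet Filter entry (IP, range or CIDR)."""
    if src_ip is None:                 # request carries no IP information
        return no_ip                   # only the "No IP" option covers it
    ip = ip_address(src_ip)
    if "-" in spec:                    # IP range, e.g. 10.10.0.0 - 10.10.10.2
        lo, hi = (ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range: {spec}")
        return ip.version == lo.version and lo <= ip <= hi
    # Single address or CIDR; strict=True rejects host bits such as 10.10.1.5/24
    return ip in ip_network(spec.strip(), strict=True)


def in_time_range(start, end, t):
    """Time Range rule from the note: start > end wraps around midnight."""
    t = t.replace(second=0, microsecond=0)   # assumption: minute granularity
    if start <= end:
        return start <= t <= end
    return t <= end or t >= start            # 0:00 to end, plus start to 23:59


def schedule_matches(weekdays, tz, start, end, when):
    """Evaluate weekday and time in the policy's timezone, not the caller's."""
    local = when.astimezone(tz)
    return local.weekday() in weekdays and in_time_range(start, end, local.time())


def policy_matches(policy, src_ip, when):
    """True when the request matches the subnet filter and, if set, the schedule."""
    ok = subnet_matches(policy["subnet"], src_ip, policy.get("no_ip", False))
    if ok and "schedule" in policy:
        ok = schedule_matches(*policy["schedule"], when)
    return ok


# Constructed sample: Bypass MFA for one subnet, Mon-Fri (0-4), 22:00 to 6:00.
UTC_MINUS_5 = timezone(timedelta(hours=-5))  # fixed offset stands in for a named zone
POLICY = {"action": "Bypass MFA", "subnet": "10.10.1.0/24",
          "schedule": ({0, 1, 2, 3, 4}, UTC_MINUS_5, time(22, 0), time(6, 0))}

if __name__ == "__main__":
    sat_utc = datetime(2024, 1, 6, 4, 0, tzinfo=timezone.utc)  # Fri 23:00 at UTC-5
    print(policy_matches(POLICY, "10.10.1.20", sat_utc))       # inside the window
    print(policy_matches(POLICY, "10.10.2.20", sat_utc))       # outside the subnet
```

Under these assumptions, a Monday-to-Friday selection with 22:00 to 6:00 covers Friday 23:00 but not Saturday 01:00, because each of the two intervals is tied to the calendar day it falls on.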
