Fortinet black logo

FortiTrust Identity 22.4.b Release Notes

Home FortiTrust Identity FortiTrust Identity 22.4.b Release Notes

Limitations of FortiAuthenticator Cloud

Limitations of FortiAuthenticator Cloud

The table lists the features currently unavailable in FortiAuthenticator Cloud, GA v6.4.6, build 1043.

Feature or GUI options

Feature available?

Details of feature

Upgrade, Restore/Backup, Reboot, Shutdown

No

Upgrade, restore, backup, reboot, and shutdown are available via FortiTrust Identity portal.

System > Dashboard

HA Status

N/A

System > Dashboard > Status

Device FQDN

Yes

Device FQDN is read-only.

User Inventory

Yes
  • FortiToken Hardware and FortiToken Mobile are not available.

  • New FortiToken Cloud related option displays number of allowed, assigned, and available users in FortiToken Cloud.

License Information

Yes

Total FortiTrust Identity SMS quota shown on the FortiTrust Identity portal.

System > Network

Interface

No

DNS

No

Static Routing

No

Packet Capture

No

System > Administration

System Access

Yes

  • Public IP/FQDN for FortiToken Mobile field is not available.

  • HTTPS Certificate and CA certificate that issued the server certificate dropdowns are locked with Default-Server-Certificate and Fortinet_CA1_Root respectively.

High Availability

No

Firmware Upgrade

No

Managed via FortiTrust Identity portal.

Config Auto-backup

No

SNMP

No

Licensing

No

Managed via FortiTrust Identity portal.

FortiGuard

No

FortiNACs

No

FTP Servers

No

NetHSMS

N/A

Replacement Messages

Yes

The following replacement messages are not available:

  • FortiToken Request Email Subject

  • FortiToken Request Email Message

  • FortiToken Mobile Activation Email Subject

  • FortiToken Mobile Activation Email Message

  • FortiToken Mobile Activation SMS Message

  • FortiToken Mobile Transfer Email Subject

  • FortiToken Mobile Transfer Email Message

System > Messaging

No

FortiAuthenticator Cloud uses FortiToken Cloud via REST API for SMS services.

FortiAuthenticator Cloud uses FortiToken Cloud SMTP server for email services.

Authentication

RADIUS Service

No

TACACS+ Service

No

LDAP Service

No

FAC Agent

Yes

FortiTrust Identity supports FortiAuthenticator Agents for Microsoft Windows and OWA.

However, offline tokens are not supported for the FortiAuthenticator Agent for Microsoft Windows. Offline tokens support will be added in a future version.

Note: FortiAuthenticator agents cannot be downloaded from FortiAuthenticator Cloud.

To download FortiAuthenticator agents:

  1. Log in to FortiCloud.
  2. In the Support dropdown, select Firmware Download.
  3. In the Select Product dropdown, select FortiAuthenticator.
  4. Select Download and click the FACAgent folder.
  5. In the FACAgent folder, download the FAC_Agent_Setup_vX.X.exe file for FortiAuthenticator Agents for Microsoft Windows, and save the file to your computer.

    Download the FAC_IIS_Agent_Setup_vX.X.exe file for FortiAuthenticator Agent for Microsoft OWA, and save the file to your computer.

  6. Open the file to install.

    For information on installing the agents, see the FortiAuthenticator Agent for Microsoft Windows Install Guide and the FortiAuthenticator Agent for Microsoft OWA Install Guide on the Fortinet Docs Library.

Authentication > User Account Policies

Tokens

No

Managed via FortiToken Cloud.

Authentication > User Management

Local Users

Yes

  • FortiToken Cloud for all OTP authentication.

Note: You can now disable both Password authentication and One-Time Password (OTP) authentication.

  • When editing a local user, the following options are not available:

    • Allow RADIUS authentication

    • Role

    • Allow LDAP browsing

    • TACACS+

Remote Users

Yes

  • FortiToken Cloud for all OTP authentication.

Note: You can now disable both Password authentication and One-Time Password (OTP) authentication.

User Groups

Yes

TACACS+ authorization rule and RADIUS Attributes not available.

FortiTokens

No

FortiToken Cloud for all OTP authentication.

Authentication > Portals > Policies

Captive Portal

No

Requires RADIUS.

Authentication > Portals > Portals

Pre-Login Services

Yes

Non-FortiToken Cloud options are not available.

Post-Login Services

Yes

Non-FortiToken Cloud options are not available.

Authentication > User Management > Remote User Sync Rules

OTP method assignment priority

Yes

Only FortiToken Cloud and None (users are synced explicitly with no token-based authentication) options are available.

Adaptive Authentication

No

FortiToken Cloud is used for Adaptive Authentication management.

Advanced Options

No

Advanced options in self-service portal and OAuth policies are not available.

Authentication > SAML IdP > Service Providers

Application name

for FTM push

notification

No

Fortinet SSO Methods > SSO

Windows Event Log Sources

Yes

RADIUS

Accounting Sources

No

Tiered Architecture

No

SSO MA

Yes

Fortinet SSO

Methods >

Accounting Proxy

No

CLI

No

The table lists the endpoints not available to customers in FortiAuthenticator Cloud.

/radiusclients/

/radiuspolicies/

/radiuspolicyclient/

/tacplusclients/

/tacpluspolicies/

/tacpluspolicyclient/

/fortitokens/

/localusers/[id]/radiusattributes/

/localapiadmin/

/pushauth/

/pushauthresp/

/system/external_ip_fqdn/

/fortiguardmessages/

/fortitokenmobilelicenses/

/smtpservers/

/upgrade/

/recovery/

/scheduledbackupsettings/

/ftpservers/

/logsettings/

/licensing/

/fortitokenmobileprovisioning/

Customers can access the REST API endpoints using the port 443.
Previous
Next

Limitations of FortiAuthenticator Cloud

The table lists the features currently unavailable in FortiAuthenticator Cloud, GA v6.4.6, build 1043.

Feature or GUI options

Feature available?

Details of feature

Upgrade, Restore/Backup, Reboot, Shutdown

No

Upgrade, restore, backup, reboot, and shutdown are available via FortiTrust Identity portal.

System > Dashboard

HA Status

N/A

System > Dashboard > Status

Device FQDN

Yes

Device FQDN is read-only.

User Inventory

Yes
  • FortiToken Hardware and FortiToken Mobile are not available.

  • New FortiToken Cloud related option displays number of allowed, assigned, and available users in FortiToken Cloud.

License Information

Yes

Total FortiTrust Identity SMS quota shown on the FortiTrust Identity portal.

System > Network

Interface

No

DNS

No

Static Routing

No

Packet Capture

No

System > Administration

System Access

Yes

  • Public IP/FQDN for FortiToken Mobile field is not available.

  • HTTPS Certificate and CA certificate that issued the server certificate dropdowns are locked with Default-Server-Certificate and Fortinet_CA1_Root respectively.

High Availability

No

Firmware Upgrade

No

Managed via FortiTrust Identity portal.

Config Auto-backup

No

SNMP

No

Licensing

No

Managed via FortiTrust Identity portal.

FortiGuard

No

FortiNACs

No

FTP Servers

No

NetHSMS

N/A

Replacement Messages

Yes

The following replacement messages are not available:

  • FortiToken Request Email Subject

  • FortiToken Request Email Message

  • FortiToken Mobile Activation Email Subject

  • FortiToken Mobile Activation Email Message

  • FortiToken Mobile Activation SMS Message

  • FortiToken Mobile Transfer Email Subject

  • FortiToken Mobile Transfer Email Message

System > Messaging

No

FortiAuthenticator Cloud uses FortiToken Cloud via REST API for SMS services.

FortiAuthenticator Cloud uses FortiToken Cloud SMTP server for email services.

Authentication

RADIUS Service

No

TACACS+ Service

No

LDAP Service

No

FAC Agent

Yes

FortiTrust Identity supports FortiAuthenticator Agents for Microsoft Windows and OWA.

However, offline tokens are not supported for the FortiAuthenticator Agent for Microsoft Windows. Offline tokens support will be added in a future version.

Note: FortiAuthenticator agents cannot be downloaded from FortiAuthenticator Cloud.

To download FortiAuthenticator agents:

  1. Log in to FortiCloud.
  2. In the Support dropdown, select Firmware Download.
  3. In the Select Product dropdown, select FortiAuthenticator.
  4. Select Download and click the FACAgent folder.
  5. In the FACAgent folder, download the FAC_Agent_Setup_vX.X.exe file for FortiAuthenticator Agents for Microsoft Windows, and save the file to your computer.

    Download the FAC_IIS_Agent_Setup_vX.X.exe file for FortiAuthenticator Agent for Microsoft OWA, and save the file to your computer.

  6. Open the file to install.

    For information on installing the agents, see the FortiAuthenticator Agent for Microsoft Windows Install Guide and the FortiAuthenticator Agent for Microsoft OWA Install Guide on the Fortinet Docs Library.

Authentication > User Account Policies

Tokens

No

Managed via FortiToken Cloud.

Authentication > User Management

Local Users

Yes

  • FortiToken Cloud for all OTP authentication.

Note: You can now disable both Password authentication and One-Time Password (OTP) authentication.

  • When editing a local user, the following options are not available:

    • Allow RADIUS authentication

    • Role

    • Allow LDAP browsing

    • TACACS+

Remote Users

Yes

  • FortiToken Cloud for all OTP authentication.

Note: You can now disable both Password authentication and One-Time Password (OTP) authentication.

User Groups

Yes

TACACS+ authorization rule and RADIUS Attributes not available.

FortiTokens

No

FortiToken Cloud for all OTP authentication.

Authentication > Portals > Policies

Captive Portal

No

Requires RADIUS.

Authentication > Portals > Portals

Pre-Login Services

Yes

Non-FortiToken Cloud options are not available.

Post-Login Services

Yes

Non-FortiToken Cloud options are not available.

Authentication > User Management > Remote User Sync Rules

OTP method assignment priority

Yes

Only FortiToken Cloud and None (users are synced explicitly with no token-based authentication) options are available.

Adaptive Authentication

No

FortiToken Cloud is used for Adaptive Authentication management.

Advanced Options

No

Advanced options in self-service portal and OAuth policies are not available.

Authentication > SAML IdP > Service Providers

Application name

for FTM push

notification

No

Fortinet SSO Methods > SSO

Windows Event Log Sources

Yes

RADIUS

Accounting Sources

No

Tiered Architecture

No

SSO MA

Yes

Fortinet SSO

Methods >

Accounting Proxy

No

CLI

No

The table lists the endpoints not available to customers in FortiAuthenticator Cloud.

/radiusclients/

/radiuspolicies/

/radiuspolicyclient/

/tacplusclients/

/tacpluspolicies/

/tacpluspolicyclient/

/fortitokens/

/localusers/[id]/radiusattributes/

/localapiadmin/

/pushauth/

/pushauthresp/

/system/external_ip_fqdn/

/fortiguardmessages/

/fortitokenmobilelicenses/

/smtpservers/

/upgrade/

/recovery/

/scheduledbackupsettings/

/ftpservers/

/logsettings/

/licensing/

/fortitokenmobileprovisioning/

Customers can access the REST API endpoints using the port 443.
Previous
Next