FortiSIEM & Best Practices for 2FA/MFA

Question

Hi everyone,I’m looking to optimize my FortiSIEM setup and have two specific questions:2FA/MFA via External Authentication!I want to add an extra layer of security for my Admin/SupervisorCan the External Authentication in Settings in FortiSIEM be used to provide 2FA/MFA in addition to the standard password?	Which protocol is recommended for this?	If the built-in external auth doesn't support 2FA/MFA natively, what is the best external method or tool (other then FortiAuthenticator or FortiPortal) to implement it?I’d appreciate any feedback on how you've secured your admin accountsThanks!

Secusaurus · Answer

Hi ​@ghr,For external authentication, use SAML, because of two main opportunities:All the MFA-stuff is managed by the SAML Identity Provider (IdP) and you don't need to care about what the FSM can and cannotThe browser-only and IdP-dependency of SAML enables to draw a hard line (e.g. with firewall rules in front of your cluster) between official user and API requests. As the API (e.g. Collector/Agent →Worker) uses TCP/443 and your users use TCP/443, you cannot differentiate them, if they use the usual sign-on processIf SAML is too complex or you don't have an IdP, you'd usually use RADIUS with a RADIUS-server that manages MFA (e.g. FortiAuthenticator). Unfortunately, the FSM login-interface only provides the classic method of packing password and TOTP together in the password-field, which is kind of inconvenient on most password managers.The documentation is very good for details on the configuration:https://docs.fortinet.com/document/fortisiem/7.5.0/user-guide/344292/external-authentication-settingsBest,Christian

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded