Explorer

Solved

application access using FortiToken and FAC

Forum|Forum|4 years ago
January 28, 2022
1 reply
3072 views

Hello Fellas,

I have my own lab wherein FG, FToken and FAC takes placed. In my own experience, fortitoken and fac are commonly used for the ff areas; ssl/ipsec vpn, wireless internet acces, and FG administration.

Is anyone here able to explore other functions aside I mentioned above? Or can I use my Ftoken and FAC for RDP access, Applications access and etc?

appreciate if anyone could share their experience with those products.

Best answer by Debbie_FTNT

Hey RF,

there aren't really any FortiAuthenticator cookbooks specifically (we do have some in conjunction with FortiGate).

In broad strokes:
SAML: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/817031/saml-idp
Agents: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/255270/fortiauthenticator-agents

FSSO: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/454928/fortinet-single-sign-on

Debbie_FTNT

Staff & Editor

Hey R_F,

very broadly, you can use FAC and FTK combination to force 2FA auth for these things as well:

- Windows login (including RDP, or limited to RDP only)

- OWA login

-> requires a domain structure and Windows/OWA agent to run on the host/Exchange server

- SAML authentication

-> any application you configure with SAML authentication, you could point to FAC as IdP

-> FAC would require username/password and token from the user as appropriate

- in most places where you can introduce some kind of authentication (RADIUS/SAML especially), you should be able to point back to FAC as authentication server

There is also the FSSO side; FAC can gather login information from multiple sources (windows event logs, radius accounting, syslog) and share that with FGT, which can then match users to policies for granular control.

Hope that helps!

R_FAuthor

Explorer

hi Debbie, apology for late revert.

Can you share some useful links/documents on how to achieve those?

thanks

Debbie_FTNTAnswer

Staff & Editor

Hey RF,

there aren't really any FortiAuthenticator cookbooks specifically (we do have some in conjunction with FortiGate).

In broad strokes:
SAML: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/817031/saml-idp
Agents: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/255270/fortiauthenticator-agents

FSSO: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/454928/fortinet-single-sign-on

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded