Hello again Don,
I found this solution. Can you tell us if it helps, please?
In this scenario, FortiAuthenticator (FAC) cannot broker Microsoft Entra ID's MFA directly. Here's how you can proceed:
- TACACS+ Service on FAC: FAC supports TACACS+ for authentication and authorization. However, it does not support challenge/response, meaning MFA needs to be appended to the password.
- SAML Integration: FAC can integrate with Microsoft Entra ID via SAML for user authentication. However, it cannot directly enforce or broker the MFA configured in Microsoft Entra ID.
- MFA Requirement: If you require MFA for TACACS+ authentication, you would need to use FortiTokens or another MFA solution that FAC supports. This would involve appending the token to the password during login.
In summary, to achieve MFA with TACACS+ on FAC, you would need to use FortiTokens or a similar supported solution, as FAC cannot directly utilize Microsoft Entra ID's MFA.
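
The "token appended to the password" pattern mentioned in the reply above, sketched as an added example that is not part of the original post and is not Fortinet's code. It assumes a fixed-length 6-digit RFC 6238 TOTP code with a 30-second step; the `Verifier` class, the salt and the sample values in it are hypothetical.

```python
import hashlib
import hmac
import struct

TOKEN_DIGITS = 6   # assumption: fixed-length 6-digit codes
STEP = 30          # assumption: 30-second TOTP time step


def totp(secret: bytes, counter: int, digits: int = TOKEN_DIGITS) -> str:
    """RFC 4226/6238 one-time code (HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def split_field(field: str, digits: int = TOKEN_DIGITS):
    """Split 'password+token' by length; None if there is no trailing token."""
    token = field[-digits:]
    if len(field) <= digits or not (token.isascii() and token.isdigit()):
        return None
    return field[:-digits], token


class Verifier:
    """Hypothetical single-user verifier, constructed for illustration."""

    def __init__(self, password: str, secret: bytes):
        self.salt = b"constructed-salt"
        self.pw_hash = self._hash(password)
        self.secret = secret
        self.last_counter = -1  # highest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check(self, field: str, now: int, window: int = 1) -> bool:
        parts = split_field(field)
        if parts is None:
            return False
        password, token = parts
        pw_ok = hmac.compare_digest(self._hash(password), self.pw_hash)
        current = now // STEP
        for counter in range(current - window, current + window + 1):
            if counter < 0 or counter <= self.last_counter:
                continue  # skip steps already used, so a captured field cannot be replayed
            if hmac.compare_digest(totp(self.secret, counter), token) and pw_ok:
                self.last_counter = counter
                return True
        return False
```

Because the split is by length, a password that itself ends in digits is still parsed correctly, and a login that omits the token fails instead of falling back to password-only.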