Many of today’s most damaging security breaches result from compromised user accounts and passwords. To address this issue, businesses of all sizes are seeking alternatives to password-only authentication. Multifactor authentication (MFA), whether through traditional hardware tokens or increasingly popular mobile software tokens, has become the standard. Previously, implementing and managing MFA deployments was complex. FortiToken Cloud simplifies this process by offering a secure, effective way to manage MFA through an intuitive interface accessible from anywhere. FortiToken Cloud includes tokens for our FortiToken Mobile App, which features PUSH notification and response technology, making the end user experience as simple as swiping or clicking to approve a login.
With FortiToken Cloud, we continue to develop new application security features that ensure access to sensitive data and systems is restricted to authorized users only, thereby reducing the risk of unauthorized access, data breaches, and other security threats. The cloud-based nature of FortiToken Cloud also offers flexibility and scalability, making it easier for organizations to manage and deploy authentication solutions across diverse environments and user bases. Here are some of the compelling features that enterprise businesses are looking for to protect their valuable applications.
An end-user can use the same token across different applications. An end-user can be identified by the same username on different applications within the same realm, or by the same email address across different applications.
For instance, if you have a user named "user1" with FTC on FGT, you need to create a new user named "user1" with FTC on FAC. The "user1" on FAC can use the same token as the "user1" on FGT without needing a new token, provided both applications are within the same realm on FTC. Sharing the same username is the default condition for using the same token across different applications on FTC. Alternatively, the same email address can also be used for token sharing on FTC.
FortiToken Cloud comes with a default realm. By enabling Multi-realm Mode, the global admin can create custom realms and associate them with applications to better allocate and manage applications and end-users.
If multi-realm mode is enabled, any newly registered application will be assigned to a new realm. If multi-realm mode is disabled, newly registered applications will be assigned to the "default" realm.
While there is no need for new customers to enable Multi-realm Mode, existing customers must enable it to take advantage of its benefits. When Multi-realm Mode is enabled, you can create custom realms and assign applications to them. You must assign an application to a custom realm to add users to it and sync users from it. Otherwise, the application is assigned to the default realm, where you cannot assign users to it or sync users from it.
Enabling the auto-alias feature in FortiToken Cloud allows FortiToken users to use a single email address with different usernames across various applications or domains. With this feature, a single FTC user can have different usernames in different authentication clients while using the same token. The purpose of this feature is to attribute different usernames to the same user, ensuring that only one token is assigned.
Adaptive Authentication is another valuable enterprise security feature. It evaluates login attempt parameters such as IP address, time of day, and geographic location. FortiToken Cloud allows OTP authentication to be bypassed under certain conditions while rejecting attempts deemed riskier.
When a request to bypass OTP verification for MFA authentication is received, the FTC server evaluates the situation. It decides whether to permit the bypass based on pre-configured OTP verification criteria, such as trusted subnets, geographic locations, times of day, or days of the week. Token bypass is granted if the end user's IP address falls within a trusted subnet, matches a designated geographic location, or conforms to an expected time schedule. If these conditions are not met, token bypass is denied for the end user.
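The bypass decision described above can be sketched as a default-deny check. This is an added example, not FortiToken Cloud code: the `BypassPolicy` shape, the `bypass_decision` function, its field names, and the sample values are all hypothetical, and the caller is assumed to supply the country code and a timezone-aware timestamp.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timezone
from ipaddress import ip_address, ip_network


@dataclass
class BypassPolicy:
    """Hypothetical policy shape; field names are not FortiToken Cloud's."""
    trusted_subnets: list = field(default_factory=list)   # CIDR strings
    allowed_countries: set = field(default_factory=set)   # ISO 3166-1 alpha-2
    allowed_days: set = field(default_factory=set)        # 0=Monday .. 6=Sunday
    window: tuple = None                                  # (start, end) in UTC


def bypass_decision(policy, src_ip, country, when):
    """Return (allowed, reason); anything that cannot be evaluated is a deny."""
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False, "unparseable source address"
    for cidr in policy.trusted_subnets:
        if addr in ip_network(cidr):          # False on IPv4/IPv6 mismatch
            return True, f"trusted subnet {cidr}"
    if country and country.upper() in policy.allowed_countries:
        return True, f"designated location {country.upper()}"
    # A naive timestamp has no defined offset, so the schedule is not evaluated.
    if policy.window and when.tzinfo is not None:
        now = when.astimezone(timezone.utc)
        start, end = policy.window
        if start <= end:
            in_window = start <= now.time() < end
        else:                                 # window that wraps past midnight
            in_window = now.time() >= start or now.time() < end
        if in_window and now.weekday() in policy.allowed_days:
            return True, "expected schedule"
    return False, "no bypass condition met, OTP required"


# Constructed sample policy (documentation address ranges, not real data).
SAMPLE_POLICY = BypassPolicy(
    trusted_subnets=["10.20.0.0/16", "2001:db8:100::/48"],
    allowed_countries={"CA"},
    allowed_days={0, 1, 2, 3, 4},
    window=(time(8, 0), time(18, 0)),
)

if __name__ == "__main__":
    sat_night = datetime(2024, 6, 1, 23, 0, tzinfo=timezone.utc)
    for ip, cc in [("10.20.5.9", "US"), ("203.0.113.7", "CA"), ("203.0.113.7", "US")]:
        print(ip, cc, bypass_decision(SAMPLE_POLICY, ip, cc, sat_night))
```

Returning the reason alongside the decision lets each granted bypass be logged with the condition that allowed it, which is what a reviewer needs when auditing logins that skipped OTP.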
A SAML IdP Proxy serves as a bridge or gateway connecting a federation of SAML Identity Providers (IdPs) with a federation of SAML Service Providers (SPs). Managing multiple SP and IdP deployments can be challenging. Our FortiToken IDP Proxy simplifies this process by seamlessly integrating with SAML and OIDC protocols. For Service Providers (SPs), the IdP Proxy acts as a standard Identity Provider (IdP), and for an Identity Provider (IdP), it functions as an SP. This dual functionality consolidates the capabilities of both an IdP and an SP. With FTC supporting SAML and OIDC IdP interfaces, applications can easily integrate into the FTC SaaS service using existing SSO protocols. This integration streamlines connectivity within the Forti ecosystem, which already supports SAML login. This approach eliminates the need for bespoke integration between FortiDevices and FTC when utilizing SAML SP for authentication. Moreover, FTC can introduce advanced functionalities such as FIDO and adaptive authentication without necessitating downstream updates or support.
For SCIM integration support, FortiToken Cloud now integrates with SCIM client applications. SCIM is an open standard for cloud-based user provisioning. With FortiToken Cloud and SCIM integration, we can integrate with one or more SCIM clients. We are fully integrated with Okta, Azure Entra ID, or FortiAuthenticator Cloud. The greatest benefit of SCIM integration is that it provides a standardized, secure methodology for exchanging information between IT systems. This ensures interoperability across domains without expensive custom integrations.
Passkeys are becoming the norm for enhanced protection on many sites. Passkey support has been integrated into FTC using WebAuthn, aligned with the FIDO2 specifications. Web Authentication (WebAuthn), a key component of FIDO2, introduces a web-based API that enables websites to enhance their login pages with FIDO-based authentication on compatible browsers and platforms. With passkey support in FTC, customers can adhere to elevated security standards and safeguard their organizations against cyber threats such as phishing attacks.
With the sustained support and cutting-edge advancements from Fortinet, our solution incorporates a diverse array of security technologies and practices, all designed to comprehensively safeguard critical applications from evolving threats.
Fortinet's FortiToken Cloud security solutions with the integration of the Fortinet Security Fabric are pivotal to an enterprise's success, providing essential protection and ensuring resilience against cyber threats. The Fortinet Security Fabric stands out as a comprehensive framework that integrates a broad spectrum of security technologies and practices. It offers robust application security across all networked applications, ensuring that every aspect of your digital environment is safeguarded. This unified approach not only enhances the security posture of your organization but also simplifies management and response, allowing you to focus on achieving your business objectives with confidence.
For additional details on the FortiToken Cloud solution, visit our website to access a free trial at https://ftc.fortinet.com/.
Copyright 2024 Fortinet, Inc. All Rights Reserved.