ggenard
Staff

Many of today’s most damaging security breaches result from compromised user accounts and passwords. To address this issue, businesses of all sizes are seeking alternatives to password-only authentication. Multifactor authentication (MFA), whether through traditional hardware tokens, mobile software tokens, or increasingly popular passkeys for passwordless authentication, has become the standard. Previously, implementing and managing MFA deployments was complex. FortiToken Cloud simplifies this process by offering a secure, effective way to manage MFA through an intuitive interface accessible from anywhere. FortiToken Cloud includes tokens for our FortiToken Mobile App, which features PUSH notification and response technology, making the end-user experience as simple as swiping or clicking to approve a login.

 

With FortiToken Cloud we continue to develop new application security features that ensure access to sensitive data and systems is restricted to authorized users only, thereby reducing the risk of unauthorized access, data breaches, and other security threats. The cloud-based nature of FortiToken Cloud also offers flexibility and scalability, making it easier for organizations to manage and deploy authentication solutions across diverse environments and user bases. Here are some of the compelling features that enterprise businesses are looking for to protect their valuable applications.

 

Single User/Token across Different Applications  

An end-user can have the same token for authentication to different applications. An end-user can be identified by the same username on different applications within the same realm, or by the same email address across different applications, or by aliasing different usernames under a common alias.

For example, if you have an FTC user named "user1" on FGT, and a user named "user1" on FAC, "user1" on FAC can use the same token as the "user1" on FGT without needing a new token, provided both applications are within the same realm on FTC. Sharing the same username is the default condition for using the same token across different applications on FTC. Alternatively, the same email address can also be used for token sharing on FTC. You can even alias users with different usernames and email addresses under the same user alias.

 

Multi-Realm Mode  

FortiToken Cloud comes with a default realm. By enabling Multi-realm Mode, the global admin can create custom realms and associate them with applications to better allocate and manage applications and end-users. 

If multi-realm mode is enabled, any newly registered application will be assigned to a new realm. If multi-realm mode is disabled, newly registered applications will be assigned to the "default" realm.  

While there is no need for new customers to enable Multi-realm Mode, existing customers must enable it to take advantage of its benefits. When Multi-realm Mode is enabled, you can create custom realms and assign applications to them. You must assign an application to a custom realm to add users to and sync users from it. Otherwise, it will be assigned to the default realm where you cannot assign users to or sync users from it. 

 

Adaptive Authentication  

Adaptive Authentication is another valuable enterprise security feature that uses various login attempt parameters, such as IP address, time of day, and geographic location. FortiToken Cloud allows bypassing OTP authentication under certain conditions while rejecting attempts deemed riskier.

When a request to bypass OTP verification for MFA authentication is received, the FTC server evaluates the situation. It decides whether to permit the bypass based on pre-configured OTP verification criteria, such as trusted subnets, geographic locations, times of day, or days of the week. Token bypass is granted if the end user's IP address falls within a trusted subnet, matches a designated geographic location, or conforms to an expected time schedule. If these conditions are not met, token bypass is denied for the end user. 
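The bypass decision described above can be sketched as a small policy evaluator. This is an added example, not FortiToken Cloud code or its API; the `BypassPolicy` class, the `evaluate_bypass` function, and all subnets, country codes, and schedules are hypothetical, constructed values.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass
class BypassPolicy:
    # Constructed sample values, not FortiToken Cloud settings.
    trusted_subnets: list = field(default_factory=lambda: ["10.20.0.0/16", "2001:db8:42::/48"])
    trusted_countries: set = field(default_factory=lambda: {"CA"})
    allowed_days: set = field(default_factory=lambda: {0, 1, 2, 3, 4})  # Monday=0 .. Friday=4
    window: tuple = (time(8, 0), time(18, 0))  # start inclusive, end exclusive

def evaluate_bypass(policy, src_ip, country, when):
    """Return (bypass_granted, reason).

    Any single matching criterion grants bypass, as the text describes;
    if nothing matches, bypass is denied and the OTP is still required.
    """
    try:
        addr = ip_address(src_ip)
    except ValueError:
        return False, "invalid-source-ip"  # an unparseable address never bypasses
    for net in policy.trusted_subnets:
        if addr in ip_network(net):  # False when the IP versions differ
            return True, f"trusted-subnet:{net}"
    if country in policy.trusted_countries:
        return True, f"trusted-geo:{country}"
    start, end = policy.window
    if when.weekday() in policy.allowed_days and start <= when.time() < end:
        # A schedule match alone admits any source address, so the reason
        # is returned for the caller to write to the audit log.
        return True, "schedule"
    return False, "no-criterion-matched"

if __name__ == "__main__":
    policy = BypassPolicy()
    saturday_night = datetime(2024, 6, 1, 23, 0)
    monday_morning = datetime(2024, 6, 3, 9, 30)
    for args in [("10.20.5.9", "US", saturday_night),
                 ("203.0.113.7", "CA", saturday_night),
                 ("203.0.113.7", "US", monday_morning),
                 ("203.0.113.7", "US", saturday_night)]:
        print(args[0], args[1], evaluate_bypass(policy, *args))
```

Returning the matched criterion alongside the decision lets each bypass be logged and reviewed per rule.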

 

IDP Proxy for Seamless SAML and OIDC Integration 

A SAML IdP Proxy serves as a bridge or gateway connecting a federation of SAML Identity Providers (IdPs) with a federation of SAML Service Providers (SPs).  Managing multiple SP and IdP deployments can be challenging. Our FortiToken IDP Proxy simplifies this process by seamlessly integrating with SAML and OIDC protocols. For Service Providers (SPs), the IdP Proxy acts as a standard Identity Provider (IdP), and for an Identity Provider (IdP), it functions as an SP. This dual functionality consolidates the capabilities of both an IdP and an SP.

 

With FTC supporting SAML and OIDC IdP interfaces, applications can easily integrate into the FTC SaaS service using existing SSO protocols. This integration streamlines connectivity within the Forti ecosystem, which already supports SAML login. This approach eliminates the need for bespoke integration between FortiDevices and FTC when utilizing SAML SP for authentication. Moreover, FTC can introduce advanced functionalities such as FIDO and adaptive authentication without necessitating downstream updates or support. 

 

SCIM Integration Support  

FortiToken Cloud now integrates with SCIM client applications. SCIM is an open standard for cloud-based user provisioning. With FortiToken Cloud and SCIM integration, we can integrate with one or more SCIM clients. We are fully integrated with Okta, Azure Entra ID or with FortiAuthenticator Cloud. The greatest benefit you can get from SCIM integration is that it provides a standardized, secure methodology for exchanging information between IT systems. This ensures interoperability across domains without expensive custom integrations.

 

Passkey support  

Passkeys are becoming the norm for enhanced protection on many sites. Passkey support has been integrated into FTC using WebAuthn, aligned with the FIDO2 specifications. Web Authentication (WebAuthn), a key component of FIDO2, introduces a web-based API that enables websites to enhance their login pages with FIDO-based authentication on compatible browsers and platforms. With passkey support in FTC, customers can adhere to elevated security standards and safeguard their organizations against cyber threats such as phishing attacks.
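The phishing resistance mentioned above comes largely from the browser recording the page origin in the signed client data, which the relying party then checks. The following added example (not FortiToken Cloud code) shows only those client-data checks for a login; signature and authenticator-data verification are separate steps not shown, and the hostnames, challenge bytes, and function names are constructed assumptions.

```python
import base64
import hmac
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_client_data(client_data_json: bytes, expected_challenge: bytes, allowed_origins: set):
    """Relying-party checks on clientDataJSON for an assertion (login).

    Returns (accepted, reason). Only the type, challenge and origin fields
    are checked here; the signature check is out of scope for this sketch.
    """
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "malformed"
    if not isinstance(cd, dict):
        return False, "malformed"
    if cd.get("type") != "webauthn.get":
        return False, "wrong-type"
    got = str(cd.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(expected_challenge).encode()):
        return False, "challenge-mismatch"  # stale or replayed ceremony
    if cd.get("origin") not in allowed_origins:
        return False, "origin-mismatch"     # response was produced on another site
    return True, "ok"

def sample_client_data(origin: str, challenge: bytes) -> bytes:
    """Constructed stand-in for what a browser would place in clientDataJSON."""
    return json.dumps({"type": "webauthn.get",
                       "challenge": b64url(challenge),
                       "origin": origin}).encode()

if __name__ == "__main__":
    challenge = bytes(range(32))              # constructed sample challenge
    allowed = {"https://login.example.com"}   # hypothetical relying-party origin
    for origin in ("https://login.example.com", "https://login.examp1e.com"):
        print(origin, check_client_data(sample_client_data(origin, challenge), challenge, allowed))
```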

 

Try out the FortiToken Cloud with a Free 30-Day Trial! 

If you’re registered with FortiCloud on support.fortinet.com, your journey just got even better. When you log into the FTC portal at ftc.fortinet.com for the first time, you'll automatically activate your 30-day free trial license—no additional steps needed. 

 

Here's What You Get with Your Free Trial: 

 

For FortiCloud Premium Accounts: Enjoy robust support for up to 25 end-users and 25 realms. Experience the full power of FortiToken Cloud, tailored for your premium account.

For FortiCloud Non-Premium Accounts: Benefit from up to 5 end-users and 5 realms, offering you a taste of FTC's essential features.

 

Please Note: Free trial licenses do not include SMS support. 

 

Conclusion:

With the sustained support and cutting-edge advancements from Fortinet, our solution incorporates a diverse array of security technologies and practices, all designed to comprehensively safeguard critical applications from evolving threats. Fortinet's security solutions are pivotal to an enterprise's success, providing essential protection and ensuring resilience against cyber threats. The Fortinet Security Fabric stands out as a comprehensive framework that integrates a broad spectrum of security technologies and practices. It offers robust application security across all networked applications, ensuring that every aspect of your digital environment is safeguarded. This unified approach not only enhances the security posture of your organization but also simplifies management and response, allowing you to focus on achieving your business objectives with confidence.  

 

For additional details on the FortiToken Cloud solution, visit our website to access a free trial at https://ftc.fortinet.com/. 
