DescriptionThis article describes the use of RADIUS Chained Authentication in FortiAuthenticator where 3rd Party Multi-Factor Authentication tokens can be used as 2FA.SolutionRADIUS Chained Authentication is useful for providing FortiAuthenticator services in an environment where 3rd Party Multi-Factor Authentication tokens are already widely deployed.
For instance, use chained authentication for administrative access to a FortiGate where in FortiAuthentificator can validate the username/password (Remote LDAP) and rely on the RSA server for token authentication only.RADIUS Chained Authentication can create under FortiAuthentificator Realm.- Go to Authentication -> User Management -> Realms and create a new entry. Enter the following information:- Provide a name.- For User source, select the LDAP server from the dropdown.- Enable 'Chained token authentication with remote RADIUS server'.- Select the FortiToken server added as a RADIUS server.
- Optionally, it is possible to configure selected groups are applied with chained token authentication.