Description This article describes the use of RADIUS Chained Authentication in FortiAuthenticator where 3rd Party Multi-Factor Authentication tokens can be used as 2FA.
Solution RADIUS Chained Authentication is useful for providing FortiAuthenticator services in an environment where 3rd Party Multi-Factor Authentication tokens are already widely deployed. For instance, use chained authentication for administrative access to a FortiGate where in FortiAuthentificator can validate the username/password (Remote LDAP) and rely on the RSA server for token authentication only.
RADIUS Chained Authentication can create under FortiAuthentificator Realm. - Go to Authentication -> User Management -> Realms and create a new entry. Enter the following information:
- Provide a name. - For User source, select the LDAP server from the dropdown. - Enable 'Chained token authentication with remote RADIUS server'. - Select the FortiToken server added as a RADIUS server.
- Optionally, it is possible to configure selected groups are applied with chained token authentication.