Description This article describes the use of RADIUS Chained Authentication in FortiAuthenticator where 3rd Party Multi-Factor Authentication tokens can be used as 2FA.
Solution RADIUS Chained Authentication is useful for providing FortiAuthenticator services in an environment where 3rd Party Multi-Factor Authentication tokens are already widely deployed. For instance, use chained authentication for administrative access to a FortiGate where in FortiAuthentificator can validate the username/password (Remote LDAP) and rely on the RSA server for token authentication only.
RADIUS Chained Authentication can create under FortiAuthentificator Realm. - Go to Authentication -> User Management -> Realms and create a new entry. Enter the following information:
- Provide a name. - For User source, select the LDAP server from the dropdown. - Enable 'Chained token authentication with remote RADIUS server'. - Select the FortiToken server added as a RADIUS server.
- Optionally, it is possible to configure selected groups are applied with chained token authentication.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.