FortiAuthenticator provides access management and single sign on.
Article Id 198526
This article describes how a network administrator can let different users authenticate with different authentication choices within same group/organization.

In this scenario, there are few users which might require a simple authentication, while for others it is mandatory to do a two-factor authentication.
At the same time others will require to authenticate using FortiTokens.
It makes the configuration tedious to achieve.

This article will provide a simple solution to achieve the scenario.

This works when FortiAuthenticator acts as Radius Server.


In the above image, there are 3 users.
User1 is using a simple authentication while User2 needs to authenticate using FortiToken sent via SMS.

Similarly, there are several Remote Users and it is necessary to assign FortiTokens to them.

Create a group as shown below:

Once done, create a RADIUS policy under Authentication -> RADIUS Service -> Policies.

By selecting 'next', it will reach 'Authentication factors'.

Note all the options available here.
Option named 'Verify all configured authentication factors' will help different users with different authentication mechanisms configured to validate their identity.