Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
matanaskovic
Staff
Staff

Created on ‎11-08-2019 06:53 AM Edited on ‎08-06-2023 11:09 PM By Moderator

Article Id 189637

Technical Tip: FortiAuthenticator realm based authentication

Description


This article describes how users can authenticate with 'user@domain-name' as the username on a FortiAuthenticator.

 

Scope

 

Any supported version of FortiAuthenticator.


Solution

 

The objective in this example is to authenticate user 'administrator' against the domain 'forti.lab'.

The username is 'administrator@forti.lab'.

 

  1. Create a realm. The realm should match the exact name of the domain. Select the LDAP server as the source. In this case, 'forti.lab' is used.
 
 
For more information regarding realms, see this article: Technical Tip: Realm-based authentication with local and remote users.
 
  1. Create a RADIUS client here, FortiGate/NAS is used as a radius client on FortiAuthenticator, and the realm is selected as the option for the authentication source.

    Note: The default is still left with FortiAuthenticator local DB.
 
 
Next, authenticate with the domain name.
 
Using RADIUS debugging, it is possible to verify the authentication. 
 
Stephen_G_0-1691141703606.png
6423
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.