Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Sheikh
Staff
Staff

Created on ‎10-17-2022 12:58 AM Edited on ‎05-12-2025 09:05 PM By Staff

Article Id 226796

Technical Tip: Smart card PIN authentication with FortiAuthenticator Agent 4.x

Description This article describes how to allow Smartcard PIN authentication using FortiAuthenticator agent version 4.x.
Scope FortiAuthenticator Agent, Windows 10 & Windows 11.
Solution

In this case, FortiAuthenticator Agent 4.x is installed on Windows 10 or Windows 11.

 

Disable 'Permit Build-In Password providers' under 'Credential Provider Options' in FortiAuthenticator Agent settings. This setting works fine for logging into Windows directly or via a remote desktop session.

 

Disabling built-in password providers removes the Microsoft default logon mechanism, which precludes any user from being able to log in the event that the FortiAuthenticator Agent malfunctions or prevents access to the system (possibly even in safe mode). We recommend having at least one exempt user with administrative access to allow you to bypass the FortiAuthenticator Agent in such situations.

 

Sheikh_0-1665936652196.png

 

Now, in this case, there is another application or website that requires a smart card or physical token authentication.

 

The following pop-up window will appear without showing an option to enter credentials.

 

Sheikh_1-1665936976007.png

 

In this scenario, it is necessary to make some entries in the Windows registry to allow the Windows pop-up to present an option to enter credentials.

  

On Windows 10 and Windows 11 Machines.

 

Go to the Windows registry and add the following entry: 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FAC_Agent_v1.0\


Create a new STRING 'sz' value, with the name 'CredentialProvidersWhiteList', and then add the following entries:

 

{1b283861-754f-4022-ad47-a5eaaa618894}{C885AA15-1764-4293-B82A-0586ADD46B35}


It is also possible to add entries comma-separated (adding a comma in between brackets).

 

{1b283861-754f-4022-ad47-a5eaaa618894},{C885AA15-1764-4293-B82A-0586ADD46B35}

 

If it does not work then proceed as below:

 

Go to the Windows registry and add the following entry:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FAC_Agent_v1.0\


Remove the old entry and create a new STRING 'sz' value, with the name 'CredentialProvidersWhiteList' and then add the following Smart card PIN Provider GUID entry. GUID may vary depending on environment. 

 

{94596c7e-3744-41ce-893e-bbf09122f76a}

 

Otherwise, modify an existing 'CredentialProvidersWhiteList' STRING 'sz' and replace the existing entries with the value given above.

 

After creating the entry mentioned above, now when trying to access any website that requires smart card authentication or PIN access then the pop-up Window will be shown and prompt to enter credentials.

 

Sheikh_2-1665937109777.png

 

Related document:

FortiAuthenticator Agent for Microsoft Windows 4.2 Install Guide
2205
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.