Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Totologie
New Contributor

MFA VPN SSL - FGT - LDAP or RADIUS by email

Hello,


Is it possible to setup MFA by email when authentication is by LDAP or RADIUS.

Actually, I use it when user authentication is on the FGT, but I never setup with LDAP or RADIUS.


Personnaly I made configuration with Duo Security it work well ( push)... But the customer does not want to pay for a license :( So I don't have choice to test email solution.

 

Thanks for your help

AB
AB
5 REPLIES 5
seshuganesh
Staff
Staff

Hi Team,

 

Yes its possible, you can use this article for the same:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forticlient-SSLVPN-using-email-two-factor/...

 

First you need to extract the user from ldap to the firewall and enable email based authentication for that user.

 

Totologie

Hello,

I know this tips, but isn't not that.
This tips work when user are declared on Fortigate, and it's working well.
But my authentification use LDAP and / or RADIUS. I have more 300 users on many domains.
So I just want to know if it's possible to use email MFA with LDAP authentification

AB
AB
bpozdena_FTNT

You always have to define the individual LDAP/RADIUS users when you want to enforce 2FA on Fortigate.

 

Bellow is an example of email authentication enabled for LDAP user.

 

config user local
    edit "test_user"
        set type ldap
        set two-factor email
        set email-to "test@example.com"
        set username-sensitivity disable
        set ldap-server "LDAP"
    next
end
HTH,
Boris
Totologie

Ok I will test this week

Thanks

AB
AB
bobdobbs

sorry this is old, but keep in mind that reissuing the MFA token will delete this setting.  I've requested that they add a global default setting but no action yet.

Labels
Top Kudoed Authors