Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Valued Contributor

UPN Authentication vs FAC Realms in Multidomain Setup



we got one customer company running for some time using FAC to authenticate 2 Factor Users in a AD domain forest with about 20 sub-domains. We use realms which match the domain name for the users like or and so on to match the different domains.


Everything is fine with that - but for the ease of use, we would like to globally switch user logon information to using UPN Names where (UPN=external email-address). This would need me to de-configure realms on the FAC an I am not sure, how this would work as using the "@" sign now defines which realm to use?


Can I skip all realms and just use global groups? Has anyone tried something like this yet?