Fortinet Forum
R_F
New Contributor III

application access using FortiToken and FAC

Hello Fellas,

 

I have my own lab in which FG, FToken and FAC are in place. In my own experience, FortiToken and FAC are commonly used for the following areas: SSL/IPsec VPN, wireless internet access, and FG administration.

 

Is anyone here able to explore other functions aside from those I mentioned above? Or can I use my FToken and FAC for RDP access, application access, etc.?

 

I would appreciate it if anyone could share their experience with those products.

Debbie_FTNT
Staff

Hey R_F,

Very broadly, you can use the FAC and FTK combination to force 2FA auth for these things as well:

- Windows login (including RDP, or limited to RDP only)
- OWA login
-> requires a domain structure and Windows/OWA agent to run on the host/Exchange server
- SAML authentication
-> any application you configure with SAML authentication, you could point to FAC as IdP
-> FAC would require username/password and token from the user as appropriate
- in most places where you can introduce some kind of authentication (RADIUS/SAML especially), you should be able to point back to FAC as authentication server

 

There is also the FSSO side; FAC can gather login information from multiple sources (Windows event logs, RADIUS accounting, syslog) and share that with FGT, which can then match users to policies for granular control.

 

Hope that helps!

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
R_F
New Contributor III

Hi Debbie, apologies for the late revert.

Can you share some useful links/documents on how to achieve those?

 

Thanks

Debbie_FTNT

Hey RF,

There aren't really any FortiAuthenticator cookbooks specifically (we do have some in conjunction with FortiGate).

In broad strokes:
SAML: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/817031/saml-idp
Agents: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/255270/fortiauthent...

FSSO: https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/454928/fortinet-sin...
