Hi, I am migrating from classic SSL VPN in fortigate with fortitoken to Forticlient EMS ZTNA. What do I need to enable MFA with EMS/ZTNA?
- Can the client registration to the EMS be done with MFA? or do you just use MFA for access to ZTNA servers?
- do I need fortiauthenticator?
- In order to just have 1 authentication app: Can I use Microsoft Authenticator instead of fortitokens? Do I need fortiauthenticator? Or on the contrary is it better to use fortitoken to access O365?
As far as I'm concerned ZTNA does not do classic MFA. It uses client and device certificates on the back-end as a form of MFA.
ZTNA allows the access to your servers without the need to be connected to a VPN.
If I were you I would just enable MFA on your servers and let ZTNA do its thing.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.