Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BastianU
New Contributor

NPS and FortiToken from FAC

Hello,

 

because the limit of 10 user-groups in  our FAC-LIC, i'm looking for a way to use FortiAuthenticator only for 2FA (Token or EMail) verification.

SSLVPN > NPS(User/Group) > FAC(token).

or

SSLVPN > (FAC as Proxy but with Token for LDAP Users is one singe group) > NPS for Groupmembership.

 

NPS=Windoes NPS

 

Has anyone an idea how to solve this?

 

Best regards,

 

Bastian

3 REPLIES 3
rbraha
Staff
Staff

Hi @BastianU 

 

Unfortunately this is not possible to be done with FortiAuthenticator using 2FA method the user database will need to be present on FAC otherwise it cannot validate if the user has token or not to be used as OTP method.

adambomb1219

Agreed.  FAC is a better RADIUS server than NPS anyways so I would just migrate to FAC completely.  

BastianU
New Contributor

Hello together,

first of all, thank you very much for your quick answers. But I found something else here.

looks like it will work this way. First tests are successful.
I'll play with it a bit more before I can say that it works really well.

Top Kudoed Authors