Hello,
because the limit of 10 user-groups in our FAC-LIC, i'm looking for a way to use FortiAuthenticator only for 2FA (Token or EMail) verification.
SSLVPN > NPS(User/Group) > FAC(token).
or
SSLVPN > (FAC as Proxy but with Token for LDAP Users is one singe group) > NPS for Groupmembership.
NPS=Windoes NPS
Has anyone an idea how to solve this?
Best regards,
Bastian
Hi @BastianU
Unfortunately this is not possible to be done with FortiAuthenticator using 2FA method the user database will need to be present on FAC otherwise it cannot validate if the user has token or not to be used as OTP method.
Agreed. FAC is a better RADIUS server than NPS anyways so I would just migrate to FAC completely.
Hello together,
first of all, thank you very much for your quick answers. But I found something else here.
looks like it will work this way. First tests are successful.
I'll play with it a bit more before I can say that it works really well.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.