we purchased the fortiauthenticator for two main reasons, 1- to get away from using the Fortinet Single Signon Agent for authentication purposes, and 2 - to use the fortitokens so we can do MFA on forticlient.
we want to do MFA first, is there any problem with setting up fortiauthenticator just for MFA, and later setting it up for replacing the FSSO agent?
the MFA function and FSSO function of FortiAuthenticator are completely independent, so you should have no issues to set up two-factor authentication.
The most common setup I see is to import users into FortiAuthenticator (this can be automated) and then associating the users with tokens, and having FortiGate use FortiAuthenticator as a RADIUS server for things like VPN authentication.
The FSSO setup doesn't intersect with a RADIUS/MFA setup on FortiAuthenticator at all, really - you can set up FortiAuthenticator as essentially a collector agent, and a connector on FortiGate to point to FortiAuthenticator instead of a dedicated collector agent, and FortiGate will treat that FSSO login activity as separate from RADIUS/MFA as well.
Let us know if you have any questions or would like some useful links on configuring anything :)
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.