Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Hoygen
New Contributor

forticlient with microsoft authenticator otp

Good Morning,

If I have an active directory user with microsoft authenticator otp configured, is it possible to login in forticlient using otp?

Thank you in advance.

6 REPLIES 6
kd007
New Contributor III

You are talking about using Microsoft Authenticator to give you the 6-digit 2-factor auth key to login to a VPN using FortiClient, right? If so, no I dont think this is possible. Last time I tried this it let me setup Authenticator with my VPN account but the generated codes were not correct. It is like it uses a similar but slightly-different algorithm that is incompatible with Fortinet's 2FA.

Hoygen
New Contributor

I'm trying to make duo work.

jsexton
New Contributor

If you figure out how to configure Duo to work with the FortiVPN, please update this thread. I've had no luck getting it to work.

Hoygen
New Contributor

Duo can work with fortigate.

https://duo.com/docs/fortinet

Just follow the duo guide, then add the radius group to a sslvpn portal/tunnel.

Be aware that if you want to limit the traffic of a single user, using duo you can't, but you can limit the traffic of all the duo radius users.

I would suggest fortitoken if you find yourself with this specific issue.

georgijs_netipanovs

Microsoft has Azure Multi-Factor Authentication Server which can serve as RADIUS server

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-dir-radius

 

skolesar

Microsoft has Azure Multi-Factor Authentication Server which can serve as RADIUS server

 

That is true.  However, that is the backend process.  The goal here is to replace/merge the various user-facing Authenticators, instead of having two or more to sort through.

(¯·._.··¸.-~*´¨¯¨*·~-.Dont Panic.-~*´¨¯¨*·~-.¸··._.·´¯)
(¯·._.··¸.-~*´¨¯¨*·~-.Dont Panic.-~*´¨¯¨*·~-.¸··._.·´¯)
Labels
Top Kudoed Authors