Identity As-A-Service

FortiAuthenticator™ is an enterprise-level network identity policy solution developed by Fortinet, Inc. It is designed to provide secure yet controlled access to the network, ensuring that the right individuals have the appropriate level of access at the right time without compromising security. Here's an introduction to the product in English:

1. Fortinet Single Sign-On: It offers a secure identity and role-based access to the Fortinet connected network, integrating with existing Active Directory or LDAP authentication systems to provide user identity-based security without hindering the user experience or creating additional work for network administrators.

2. FortiAuthenticator: This builds upon the Fortinet Single Sign-On by introducing a broader range of user identification methods and greater scalability. FortiAuthenticator acts as the gatekeeper for authorization into the Fortinet secured enterprise network. It identifies users, queries access permissions from third-party systems, and communicates this information to FortiGate devices for use in Identity-Based Policies.

3. Identity and Access Management: FortiAuthenticator provides transparent identification through a variety of methods, including:

   • Polling an Active Directory Domain Controller.
   • Integration with the FortiAuthenticator Single Sign-On Mobility Agent, which detects logins, IP address changes, and logouts.
   • FSSO Portal-based authentication with tracking widgets to reduce the need for repeated authentications.
   • Monitoring RADIUS Accounting Start records.

4. Features:

   • Enables identity and role-based security policies within the Fortinet secured enterprise network without the need for additional authentication by integrating with Active Directory.
   • Strengthens enterprise security by simplifying and centralizing the management of user identity information.
   • Supports secure Multi-factor/OTP Authentication with full support for FortiToken.
   • Offers RADIUS and LDAP Authentication.
   • Manages certificates for enterprise VPN deployment.
   • Supports IEEE802.1X for wired and wireless network security.
   • Provides SAML SP/IdP Web SSO and OpenID Connect SSO.
   • Incorporates FIDO2 Features, also known as Passwordless authentication, allowing for strong single-factor (passwordless), two-factor, and multi-factor authentication for added protection.

5. Key Features and Benefits:

   • Transparent user identification with zero impact on enterprise users.
   • Integration with LDAP and AD for group membership.
   • Utilizes existing systems for network authorization information, reducing deployment times and streamlining management processes.
   • A wide range of user identification methods for integration with diverse enterprise environments.
   • Enables identity and role-based security, allowing security administrators to grant users access to relevant network and application resources appropriate to their roles while maintaining control and minimizing risk.

6. FortiAuthenticator Series Data Sheet:

   • Details the hardware specifications, system capacity, dimensions, weight, environmental requirements, and power requirements for different models of FortiAuthenticator (FAC-300F, FAC-800F, FAC-3000F).

7. Additional Features and Benefits:

   • Centralizes user management with a local authentication database featuring RADIUS and LDAP interfaces.
   • Offers a wide range of strong authentication methods, including software and hardware One Time Password (OTP) tokens, email and SMS OTP, digital certificates, and FIDO keys.
   • Provides user self-registration and password recovery features to reduce the need for administrator intervention and improve user satisfaction.
   • Simplifies deployment with integration with existing directories like Active Directory and LDAP.
   • Streamlines certificate management for rapid, cost-effective deployment of certificate-based authentication methods such as VPNs.
   • Implements 802.1X authentication for enterprise port access control to validate user connections to LAN and Wireless LAN, preventing unauthorized network access.

8. Product SKU Description:

   • Lists the different models of FortiAuthenticator hardware along with corresponding licenses and upgrade options.

9. Order Information:

   • Provides information on power supplies and other optional accessories.

10. Copyright and Disclaimer:

    • The document is copyrighted by Fortinet, Inc., and includes registered trademarks of Fortinet, as well as other potential trademarks or service marks.

The document concludes with contact information for Fortinet and the date of the copyright statement.

FortiAuthenticator™ offers several advantages that contribute to its appeal as a comprehensive identity and access management solution for enterprise networks. Here are some of the key benefits highlighted in the document:

1. Secure Access: It provides secure network access by integrating with existing authentication systems like Active Directory or LDAP, ensuring that only authorized users gain access to network resources.

2. Scalability: FortiAuthenticator is designed to scale, offering a wide range of user identification methods and the ability to handle a large number of users and devices.

3. Transparent Identification: It delivers transparent identification methods that have minimal impact on the user experience, such as Active Directory polling, SSO Mobility Agent, and portal-based authentication.

4. Role-Based Security: Allows for the enforcement of identity and role-based security policies, ensuring users have access to the appropriate network and application resources based on their role within the organization.

5. Multi-factor Authentication (MFA): Supports MFA, including OTP and FIDO2, adding an extra layer of security and reducing the risk of unauthorized access.

6. Certificate Management: Simplifies the management and deployment of certificates for VPNs, which is crucial for securing site-to-site VPN connections.

7. Integration Capabilities: It integrates with various systems and protocols, including RADIUS, LDAP, SAML, OpenID Connect, and 802.1X, providing a versatile solution for different network environments.

8. User Self-Service: Features like user self-registration and password recovery reduce the administrative burden and improve user satisfaction by allowing users to manage their own credentials.

9. Compliance Support: Helps organizations meet audit requirements associated with government and business privacy regulations through its strong authentication and authorization controls.

10. Flexibility: FortiAuthenticator can be deployed in various forms, including as an appliance, a virtual machine, or hosted in the cloud, allowing organizations to choose the deployment model that best fits their needs.

11. High Availability: Supports high availability configurations to ensure continuous operation and reliability.

12. Comprehensive Authentication Methods: Offers a wide range of strong authentication methods, including physical tokens, mobile devices, email/SMS OTP, and digital certificates, catering to various user requirements and scenarios.

13. REST API for Custom Applications: Provides a REST API that allows the integration of MFA into any web-based application, enhancing security beyond the standard authentication flows.

14. Environmentally Adaptable: Designed to operate in a wide range of temperatures and power conditions, making it suitable for various deployment environments.

15. Standards Compliance: Adheres to various industry standards, ensuring compatibility and interoperability with a broad range of network devices and systems.

These advantages position FortiAuthenticator as a robust and flexible solution for managing user identities and securing access to enterprise networks.

What Are The Usage Scenarios For This Identity As-A-Service?

FortiAuthenticator™ is designed to meet the identity and access management needs of various enterprise scenarios where secure, scalable, and manageable authentication is crucial. Here are some typical use cases for this product, along with reasons why it is suitable based on the provided parameters:

1. Large-Scale Enterprise Networks: With its ability to handle a large number of users (e.g., FAC-3000F supports up to 240,000 local and remote users), FortiAuthenticator is ideal for large enterprises with extensive user bases.

2. Distributed Organizations: Organizations with multiple locations can benefit from FortiAuthenticator's centralized management of user identities and authentication policies, which simplifies administration across a wide geographic spread.

3. High-Security Environments: Given its support for multi-factor authentication methods, including FIDO2 and OTP, FortiAuthenticator is well-suited for environments that require a high level of security, such as financial institutions or government agencies.

4. Complex IT Infrastructures: Enterprises with complex IT infrastructures, including a mix of wired and wireless networks, can utilize FortiAuthenticator's 802.1X support for secure network access control.

5. VPN Deployments: The product's certificate management capabilities make it a strong choice for securing VPN connections, both site-to-site and client-based, which is essential for remote access or by partners and employees working offsite.

6. Integration with Existing Systems: Companies already using Active Directory or LDAP can leverage FortiAuthenticator's integration capabilities for a seamless extension of their current authentication infrastructure.

7. SaaS and Web Applications: Through its SAML and OpenID Connect support, FortiAuthenticator can provide secure SSO to SaaS applications and web services, enhancing the user experience and security for cloud-based tools.

8. Compliance and Auditing: Organizations operating in industries with strict regulatory requirements can use FortiAuthenticator to meet compliance standards, as its detailed authentication and access logs can help with audits.

9. High-Availability Requirements: Businesses that need to ensure continuous operation can deploy FortiAuthenticator in high-availability configurations, supported by Active-Passive HA and Config Sync HA.

10. Diverse User Authentication Needs: With its support for a wide range of authentication methods, from traditional passwords to biometrics (via FIDO2), FortiAuthenticator can accommodate the varying needs of different user groups within an organization.

11. Cost-Effective Scalability: Organizations that anticipate growth can start with an entry-level FortiAuthenticator model and easily expand their user support through hardware upgrade licenses, making it a cost-effective solution for future expansion.

12. Environmentally Resilient Deployments: FortiAuthenticator's ability to operate across a wide range of temperatures and power conditions makes it suitable for deployment in various environmental conditions, from server rooms to more challenging locations.

13. REST API for Custom Integrations: Enterprises that require custom authentication flows for their web applications can use the REST API to integrate FortiAuthenticator's authentication services, providing a tailored solution for their specific needs.

In summary, FortiAuthenticator's flexibility, scalability, and robust feature set make it suitable for a wide array of scenarios where secure, manageable, and adaptable authentication solutions are necessary.