Fortinet FortiAuthenticator-200D FAC-200D User Manual

Product codes: FAC-200D
www.fortinet.com
FortiCare Worldwide 24x7 Support: support.fortinet.com
FortiGuard Threat Research & Response: www.fortiguard.com
FortiAuthenticator user identity management appliances strengthen enterprise
security by simplifying and centralizing the management and storage of user
identity information.
Enterprise Network Identity Policy
Network and Internet access is key for almost every role within the enterprise; however,
this requirement must be balanced with the risk that it brings. The key objective of
every enterprise is to provide secure but controlled network access, giving the right
person the right access at the right time without compromising on security.
Fortinet Single Sign-On is the method of providing secure identity and role-based access
to the Fortinet connected network. Through integration with existing Active Directory or
LDAP authentication systems, it enables enterprise user identity-based security without
impeding the user or generating work for network administrators. FortiAuthenticator
builds on the foundations of Fortinet Single Sign-On, adding a greater range of user
identification methods and greater scalability. FortiAuthenticator is the gatekeeper of
authorization into the Fortinet-secured enterprise network, identifying users, querying
access permissions from third-party systems and communicating this information to
FortiGate devices for use in Identity-Based Policies.
FortiAuthenticator delivers transparent identification via a wide range of methods:
• Polling of an Active Directory Domain Controller;
• Integration with FortiAuthenticator Single Sign-On Mobility Agent which detects
login, IP address changes and logout;
• FSSO Portal based authentication with tracking widgets to reduce the need for
repeated authentications;
• Monitoring of RADIUS Accounting Start records.
FortiAuthenticator FSSO Features
• Enables identity and role-based
security policies in the Fortinet secured
enterprise network without the need
for additional authentication through
integration with Active Directory
• Strengthens enterprise security
by simplifying and centralizing the
management of user identity information
Additional FortiAuthenticator Features
• Secure Two-factor / OTP Authentication
with full support for FortiToken
• RADIUS and LDAP Authentication
• Certificate management for enterprise
VPN deployment
• IEEE 802.1X support for wired and
wireless network security
FortiAuthenticator™
User Identity Management and Single Sign-On
Key Features & Benefits
• FSSO Transparent User Identification: Zero impact for enterprise users.
• Integration with LDAP and AD for group membership: Utilizes existing systems for network authorization information, reducing deployment times and streamlining management processes. Integration with existing procedures for user management.
• Wide range of user identification methods: Flexible user identification methods for integration with the most diverse of enterprise environments.
• Enablement of identity and role-based security: Allows security administrators to give users access to the relevant network and application resources appropriate to their role, while retaining control and minimizing risk.