Fortinet FortiAuthenticator-200D FAC-200D User Manual
Product codes
FAC-200D
Active Directory Polling
User authentication to Active Directory is detected by regularly polling domain
controllers. When a user login is detected, the username, IP address and group
details are entered into the FortiAuthenticator User Identity Management Database
and, according to the local policy, can be shared with multiple FortiGate devices.
highlights
FortiAuthenticator Single Sign-On User Identification Methods
FortiAuthenticator can identify users through a varied range of methods and
integrate with third-party LDAP or Active Directory systems to apply group or
role data to the user and communicate with FortiGate for use in identity-based
policies. FortiAuthenticator is completely flexible and can utilize these
methods in combination. For example, in a large enterprise, AD polling or
FortiAuthenticator SSO Mobility Agent may be chosen as the primary method for
transparent authentication, with fallback to the portal for non-domain systems
or guest users.
FortiAuthenticator SSO Mobility Agent
For complicated distributed domain architectures where polling of domain
controllers is not feasible or desired, an alternative is the FortiAuthenticator
SSO Client. Distributed as part of FortiClient or as a standalone installation
for Windows PCs, the client communicates login, IP stack changes (Wired >
Wireless, wireless network roaming) and logout events to the FortiAuthenticator,
removing the need for polling methods.
FortiAuthenticator Portal and Widgets
For systems which do not support AD polling or where a client is not feasible,
FortiAuthenticator provides an explicit authentication portal. This allows the
users to manually authenticate to the FortiAuthenticator and subsequently into
the network. To minimize the impact of repeated logins required for manual
authentication, a set of widgets is provided for embedding into an organization’s
intranet which automatically logs the users in through the use of browser cookies
whenever they access the intranet homepage.