Re: Fortigate SSL VPN with RSA SecurID as Multi-Factor-Authentication
I'm not familiar with RSA SecurID, but I assume the principles are largely the same as what we do with Okta. Is RSA aware of your AD (i.e. can it do primary authentication)? If so, you don't necessarily need "both", you just need the RSA server (RADIUS I assume?) to perform both factors before returning a successful login.
In our case specifically we use Aruba ClearPass (RADIUS) to authenticate all our SSL-VPN. When we added Okta it was as simple as adding Okta RADIUS to ClearPass where password and MFA was checked, then ClearPass used whatever other AD attributes it needed to determine what groups to send back to the FortiGate.
I implemented on 6.0.9 though, and we're on 6.4.1 now.