Forticlient with Microsoft Authenticator | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

Hot!Forticlient with Microsoft Authenticator

Author Post Essentials Only Full Version
PBANZ New Member Total Posts : 2 Scores: 0 Reward points: 0 Joined: 2020/11/30 18:48:08 Status: offline 2020/11/30 18:55:24 (permalink) 0 Forticlient with Microsoft Authenticator I tested the fullversion of forticlient connect before login with microsoft authenticator as the second factor auth. I found the that in this scenario in all versions of client from 6.0.x up that the auth just times out. i had another rule that allowed the user with out 2fa and if i did a deny on the prompt it doesn't deny the user, the login times out and moves to the next rule. this is only with connect before login. has anyone else encountered this, anyone found a way to solve it. note: we are Not running EMS so can't log with TAC. #1 4 Replies Related Threads
isamt Bronze Member Total Posts : 48 Scores: 2 Reward points: 0 Joined: 2017/12/29 01:52:35 Status: offline Re: Forticlient with Microsoft Authenticator 2020/12/04 04:17:01 (permalink) 0 I have setup and tested using the nps-extension with the following documentation: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn#install-and-configure-the-nps-extension Works fine for me Not sure if you have setup in the same way. #2
PBANZ New Member Total Posts : 2 Scores: 0 Reward points: 0 Joined: 2020/11/30 18:48:08 Status: offline Re: Forticlient with Microsoft Authenticator 2020/12/06 12:54:21 (permalink) 0 yes setup the same, are you using a code number from the app or responding to the approve prompt. customer is using the approve/deny prompt in authenticator. the specific scenario with connect before login and the authenticator prompt is failing. #3
isamt Bronze Member Total Posts : 48 Scores: 2 Reward points: 0 Joined: 2017/12/29 01:52:35 Status: offline Re: Forticlient with Microsoft Authenticator 2020/12/07 09:12:28 (permalink) 0 Yes, we are using the approve/deny prompt method. If your Fortigate is not in the same site as the on-prem NPS server, then you will need to increase the default time-out for the RADIUS authentication. On the Fortigate enter commands: config user radius edit "radius_server_name" set timeout 30 default time-out is 5 secs. I found 30 worked for me. latency between Fortigate and NPS server is 18ms You can test the authentication directly from the Fortigate: diagnose test authserver radius radius_server_name pap userid user_password #4
Admin_FTNT Administrator Total Posts : 101 Scores: 6 Reward points: 0 Joined: 2003/11/28 00:00:00 Status: offline Re: Forticlient with Microsoft Authenticator 2020/12/08 00:22:40 (permalink) 0 From PBANZ: Timers were adjusted, and auth works fine once a user is logged into the laptop. It only if they connect the vpn before they login that the issue occurs. Only discovered as there was a test rule after that allowed the user with out MFA and the user was in both security groups. They would deny the connection for testing and still be permitted. #5

Jump to:

© 2021 APG vNext Commercial Version 5.5