Re: new to fortiauthenticator, how does it work?
☄ Helpfulby abdulmoiz2006 2021/06/09 08:59:10
Think of FAC as Radius server, it makes understanding much easier. As the consequence of it:
- Yes, Cisco switches/routers will work with FAC for Cli user authentication using the usual aaa authentication ... group radius
- FAC works by providing Radius services to the authenticating clients, while using Windows AD or own local databases as the source for users/passwords. Usually you link FAC to AD via LDAP protocol, then those users can authenticate against FAC using their AD credentials.
- How you use it depends on what you need. Using Forticlient (FC) most probably you mean Remote VPN connecting to Fortigates, then yes - FC connects to some Fortigate linked to FAC and authenticates user against FAC.
- FAC supports additionally SSO/SAML and probably other stuff (I don't use) I can't comment much on.
- From experience, most frequent case for FAC use is registering Fortitokens with it for MFA - this way a user can have just 1 FortiToken and connect to any device linked to FAC.