Fortinet FortiAuthenticator Reviews

The solution allows connectivity when switching between LAN and Wi-Fi primarily, and it also uses it for free tokens. So we can share tokens across multiple firewalls.

RADIUS server and integration, apart from the fact that it is a type of tool that can become a certificate server, are the valuable features for which I use it.

I'd like to see the interface become more like other FortiGate products. It seems a little bit of an orphaned one. The user interface and clustering are areas with shortcomings that need improvement.

Scalability has room for improvement since it's not really a cluster. It'd be nice with cluster data. There are things where you have to go to each FortiGate to change. So, there needs to be a cluster.

I have been using Fortinet FortiAuthenticator for five years.

The current version is stable. So, Fortinet FortiAuthenticator 6.3.3 is running.

Scalability-wise, it is a fine solution. Scalability-wise, I rate the solution a nine out of ten.

Around 20 customers are using the solution.

Regarding the support team, I would say that we have faced occasional setup issues for which the support was appropriate.

The initial setup is complicated. However, considering the complicated tasks it does, it is fine.

In general, you just spend about three days designing and implementing the solution.

The deployment is done in the customer's environment and as per what they require. So, configure the LDAP integration and SAML integration with the existing sources. Then I started to create the SAML services and RADIUS services for firewalls. I then copy to add the tokens before authenticating the users. Then, they can pull it down from the OTAP service.

The customers need to pay for licenses, and some pay on a yearly basis while others pay on a three-yearly or five-yearly basis. Also, it is not an expensive solution.

I would definitely recommend the solution to those planning to use it. However, I would suggest those planning to use it figure out what they want because you also have a FortiGate product, Fortinet product, and FortiAuthenticator, which can be a bit confusing. There are other products that FortiGate sells. So you have to figure out which solution you want.

I rate the overall solution a nine out of ten.

We use the solution for different clients and how they authenticate for VPN and Wi-Fi. We also use it for the captive portal and single sign-on. We use it for quite a bit for authentication.

The product has become a central hub for how dozens of our clients authenticate to VPN and Wi-Fi. It has given us a very easy way to manage dozens of customers and how they authenticate and troubleshoot. It gives us a one-stop shop for everything. The solution is very easy to manage. When we have multiple customers authenticating to multiple domain controllers, it centralizes all that from an MSP perspective.

The ease of management of authentication for multiple clients is a valuable feature.

The product must provide full support for third-party FIDO security keys. It must also provide full support for YubiKeys authentication keys.

I have been using the solution for about four years.

The tool is extremely stable. I rate the stability a ten out of ten.

We can scale the solution pretty well. I rate the scalability a ten out of ten.

We rarely have to call the support team for this product. When we do call, support is usually pretty good.

Positive

The solution was straightforward to deploy.

I have seen an ROI on the tool.

I rate the pricing an eight out of ten. The solution is not very expensive.

If someone’s looking for a way to easily manage the different ways that users can authenticate in their environment, I would suggest Fortinet FortiAuthenticator 100%. It's an extremely good value for all the different things that it does. Overall, I rate the product a nine out of ten.

We use Fortinet FortiAuthenticator, mostly where wireless or wired authentication needs to be integrated between multiple identity stores.

The most valuable feature of the solution is RADIUS service and the social network integration feature.

The GUI has some shortcomings and can be made better. The GUI is not great.

For the next release, the thing that will be most useful is to integrate with other MFA providers.

I have been using Fortinet FortiAuthenticator for four years. My company has a partnership with Fortinet. We are also resellers.

Stability-wise, I rate the solution a nine out of ten. I have only ever known one stability problem.

Scalability-wise, I rate the solution an eight out of ten.

I think that commercially it is not valid for a very small number of users. It doesn't scale down all the way. I think that although it can be scaled up to thousands of users, it wouldn't be suitable for, like, a mobile network scale if you have got 50,000 or 1,00,000 users.

At the entry point, we have more than 100 users.

I have directly contacted the solution's support. They are very helpful. They do require a lot of supporting information, but they are very effective for what they do. I rate the technical support a nine out of ten.

Positive

Regarding setup, I would say that it is straightforward but not simple. It's not a job for the novice, but it is straightforward for an experienced engineer. Also, my clients normally ask for help.

The solution gets deployed on physical, virtual, and SaaS.

On a scale of one to ten, where one is a high price and ten is a low price, I rate the pricing a seven.

Price-wise, it is competitive, but they still charge.

For comparing or evaluating Fortinet FortiAuthenticator, the competitors I would normally expect to see would be RSA Security with their SecurID product. Also possibly, I would say that you would compare it against Duo or Okta.

Fortinet FortiAuthenticator is better since it is very much use-case dependent. I think a Fortinet-heavy environment where the customer already has a lot of investment into Fortinet makes it easier since it integrates more closely with their network equipment, like their firewalls. Also, it does not always require an on-premise component to provide services like RADIUS.

People who are looking to implement the product should pay attention to scaling and plan deployment thoroughly before starting, as for many things, once the decision is made, some things are difficult to change.

I rate the overall solution an eight out of ten.

The solution syncs with our active directory and allows configuration for 
two-factor authentication. We're using the two-factor authentication for our Office 365 email and cloud. We needed a way to use the authenticator to configure a trusted network so that when the users are in-house, on our network, they don't get prompted for two-factor. We don't want to go through that rigmarole every time, so basically it authenticates through active directory that this trusted network that we're on is going to encrypt the data. Then, when they're not on a trusted network or they're at home and trying to log in, the user gets a SMS message to put in a token to validate their identity for their email username and password.

The most valuable feature is the flexibility in using the SMS messages. People give me their cell phone numbers, I put them in the active directory, it syncs over to the authenticator, and then they're able to use the two-factor authentication when they're at home or doing something outside of our network.

It was very hard to find the right people to help us set up the solution. We hired a third party, but they were not as helpful as they could have been. After that, we got a higher level of support through Fortinet, and they engaged with us and worked out the final bit. The connectivity between Microsoft Office and the authenticator is very tricky when it comes to certificates and you need more expertise for that, so if you don't have the experience, you need a higher level person to help with it.

I would like to see more support from Fortinet with tech support people who have as much expertise on the authenticator as they do on their firewalls. They don't have enough people with that expertise.

Once you get comfortable, you want to ask questions like "Okay, what if I do this, what is the impact?" You don't know what changes you can apply until they happen. It's better to have somebody who knows what they're doing, and knows what changes you apply are going to make a difference. Once I was able to talk to the second level Fortinet person I said, "Well, what does this do? What does that do?" Then he helped me and I said, "Okay." That makes a difference, because it's new and you don't know what you're supposed to do.

I have been using this solution for about five months. 

The stability of the solution has been very good. I haven't had any issues. 

The funny thing is, when I first got the authenticator there was a problem with it and I couldn't get it configured. I had to go through Fortinet to troubleshoot the fact that it was basically inoperable. I had to send it back and then they sent me another one, and that one has worked fine, so that was just one of those freak things that happens.

I think you can scale it toward different functionalities. For example, we have a Fortinet firewall and I could have used 40 tokens to configure the authenticator for that usage, but I chose to use it just for the email. In the same vein, there's scalability for other applications, servers, and cloud servers to set up a two-factor configuration on this authenticator. For other applications you have to pony up with the vendor who's doing it and log into their application in the cloud, then they have to be able to coordinate this thing, so that's kind of hard to figure out.

We use the solution for anybody who wants to have remote access to their email, so pretty much anybody who says, "Yeah, I'm going to be checking my email from home," I configure it so that they can do that. I'd say most everybody in our company has it. Whether they use it or not is a different story, but I have to buy SMS messages licenses for every person who wants the option to use it.

You only need one person, like myself, for maintenance. Once it's up and running, people can log in and get their email, and if there are issues I can look at the log and say, "Well, it's telling me you're putting the wrong password in or username." Or it shows, "Oh, you got it right. Success." 

The solution is an integral part of our security for our email network, and like I said, we'll begin using it for other cloud applications. We signed a three-year contract for the solution, so it's here to stay.  

The tech support is okay. If you have complex problems, there are not enough people to help, and you have to get to a higher level of support, so it can be a little challenging to get to the right person. That's on Fortinet as a company, though; what they provide is excellent. It's just getting to the right person.

We used to use an authenticator called Duo, but we're a small rural hospital, and that solution is a lot more expensive. It was probably at least three times the cost of Fortinet. The other thing was that I already had a Fortinet firewall, so I wanted something in conjunction with that to work alongside it.

It was complex when it came to the active directory portion of the product. Knowing what was required to have the active directory integration with the authenticator was a little tricky, and figuring out how the users' email addresses were going to be displayed. When you go to Office 365, it redirects it back to the authenticator and you have to make sure you have the right configuration and the right domain because it inputs it based on your domain name. It was difficult to get that figured out.

We used a third party in conjunction with higher level Fortinet support for deployment. We had to get a certificate and the third party helped us with that, and then we had to talk with Microsoft too, so it was tricky.

During setup it was hard to make sure that the solution was doing what it was supposed to do. There were different factors that made it difficult, but it might have been because the person who was trying to implement the solution didn't understand it fully. There were some inconsistencies in standards for active directory account names, for example, usually you'd have first initial, last name, and that would be your domain name. However, we had some older users, myself included, that had a different format that included their department name, like 46-JMoore for example, and the authenticator didn't understand that. You'd have to tell the user, "Okay, you're using this old formatting for your username, but you need to put it in differently so the authenticator can understand it." It wasn't really the authenticator's problem, but more so had to do with fitting the environment into the authenticator's configuration.

First you have to buy the unit, then you have to buy the license for it. I think we have a 100-user license. The price depends on the model. We have a FAC 300, which channels X number of users, so if you have a lot more users, you're going to buy a higher model, like with any other solution. 

We got the reseller price, so we paid $3,450 for the authenticator model itself. The support contract is about $2,900 for three years, which is a pretty good deal.
Then you've got to pay the fee for their help with the installation. That was like $6,000, but it varies depending on the vendor. So between paying them to help with the configuration, the box itself, and the support, it came to like $12,500, including a three-year service agreement.

The only other cost is for the SMS messages, which are not expensive. It's under $30 for like 100 SMS messages, so it's not a big deal.

My advice to people considering this solution is that I think you need somebody who has experience with FortiAuthenticator, and most places are going to have to use a third party to get it installed correctly. I also think the third parties have some leverage on accessing the higher level of Fortinet support, which helps. I think you can do certain parts yourself, like preparing the device for your active directory, but when it comes to actually getting comfortable with the commands and knowing what you're doing, you need a third party to help you get it installed correctly.

I would rate this solution as a nine out of ten.

We use the solution for identity access management. The people who manage our network devices use the tool as an SSO tool for security or interconnectivity. We use it for remote access, too. We use it in our environment and three of our clients’ environments. We haven’t faced any issues.

The product enables SSO. So we can avoid multiple authentications. We can have a single point of authentication and connectivity for VPN and remote access. The integrations work fine. It is very easy to integrate with the Fortinet environment.

The security space is changing. The product must provide passwordless and seamless connectivity. If a particular user is identified automatically, they should not be authenticated repeatedly with tokens. It should be seamless. It could be a physical device, hardware, or some digital identity. Once the user logs in, they must be able to connect seamlessly. The integration with third-party tools must be better.

I have been using the solution for four years.

I rate the tool’s stability an eight out of ten.

I rate the tool’s scalability an eight out of ten. The solution is suitable for all company sizes.

Technical support is good.

The deployment is seamless. The product is cloud-based.

We deploy the solution in-house. Our team supports our clients and manages their environment.

The price is fine. I rate the pricing an eight and a half out of ten.

We haven’t tested it on a hybrid environment. We use FortiAuthenticator along with Active Directory. Active Directory has some issues. FortiAuthenticator as a database must be segregated or isolated. Then, it can sync with Active Directory. Cisco Duo is a competitor. However, if we have a FortiGate environment, FortiAuthenticator is a better choice for accessibility and identity management. I will recommend the product to others. Overall, I rate the solution an eight out of ten.

FortiAuthenticator provides multi-factor authentication. After testing your username and password, it adds another layer of authentication where FortiAuthenticator challenges you with a number provided by the FortiToken app on your mobile phone.

I appreciate its ability to provide multi-factor authentication, but it's primarily focused on this function.  

There are some minor things that could enhance the overall experience. Maybe enhancing user integration with other solution tools to implement multifactor authentication using virtual authentication. 

Another area of improvement is stability and support.

We have been using this solution for two and a half years. We use the latest version, we usually update the solution for the upgraded version. 

It is quite stable. I would rate the stability a nine out of ten. There are other solutions that perform certain aspects better than FortiAuthenticator. It's a strong solution, but there's room for enhancement.

There are no problems with scalability. In our company, all the employees use it to access network resources through VPN. And around 60% of our customers also use this solution. 

Customer service and support are quite good. Fortinet provides quick and helpful responses, though occasionally, the answer might not directly address the issue.

We used Cisco SSO authentication system before switching to Fortinet FortiAuthenticator. It was mainly because of economic aspects. 

The setup depends on the integration requirements. Integrating FortiAuthenticator with other Fortinet products is relatively straightforward.

In terms of implementation, it performs quite well.

The deployment time is variable. Due to occasional weaknesses in the API, deployment time can vary. Sometimes it's easy, and sometimes not due to these factors.
We managed the deployment ourselves. In another business unit of my company, we're integrators for this tool. We handle the sale and implementation projects, so we have the required competencies.

For example, we need to set up the network and integrate it with the desired resolution for the deployment process. Then, deploy the client zone to the users' mobile phones, enabling them to use virtual authentication configurations.

The solution is deployed both on-prem and cloud. The staff needed includes engineers, developers, and sometimes even technical support for custom API creation and customer designations.

I have seen an ROI because the solution allows you to enhance security, leading to better rates in other security aspects.

It's not expensive. As we increase the number of users, we'll also be expanding the company workforce.

It's a yearly payment, but you can also find options for monthly payments. There are no additional costs to the standard license. 

I would rate the pricing a five out of ten, where one is the cheapest and ten is expensive. 

The advice is simply to use it. Overall, I would rate the solution an eight out of ten. 

Our primary use case for the product is to enable two-factor authentication for our VPN solutions within FortiGate. Additionally, we utilize it to secure our FortiWeb tool security portal with two-factor authentication.

Improvements in the product could start from the dashboard, overall customization, and configuration. FortiAgent, installed on an end user's computer, provides two-factor authentication but lacks centralized management. This particular area needs improvement. 

We've been using Fortinet FortiAuthenticator for around five years, staying updated with the latest version.

I rate the platform's stability as four out of ten. When they release new software, we sometimes encounter issues utilizing the box, and it takes almost 30 days to resolve them.

In just our organization, where we are a partner, there are around 100 Fortinet FortiAuthenticatorusers. However, we have implemented the solution for customers with up to 10,000 users.

I rate the scalability a ten out of ten.

The technical support team is helpful.

Neutral

Our organization has a diverse portfolio of products, including Check Point and hardware such as switches, Xfinity Networks, Juniper, HP, and Dell.

We typically only need to perform installation updates or implement changes if infrastructure changes occur at the customer's end. This doesn't happen often, once or twice a year. When implemented correctly, it's not complicated to manage, so it isn't required. We have a team of five engineers responsible for deployment, maintenance, and all other operations related to the product.

The platform provides a user-based pricing model rather than a subscription pricing model. For instance, the virtual machine and license for 100 users amount to around $2000. Additionally, there may be additional expenses for features like FortiToken.

I rate the pricing an eight out of ten.

FortiAuthenticator enhances user authentication by integrating a database with user credentials, including logins and passwords. This integration enables the import of user data from various sources such as Active Directory, Microsoft, OpenLDAP, or RADIUS servers. Additionally, FortiAuthenticator supports adding a second factor for authentication, which can include options like Fortinet SMS, email tokens, or other methods.

The implementation has significantly improved access management within our organization. We have exposed certain portals like Avaya and Microsoft Exchange to the public internet by adding a two-factor authentication login process to these portals using the product.

The most critical feature in improving our security is the two-factor authentication feature. It also includes an agent that can be installed on a user's computer, adding another layer of security to the login process for computer access.

For these users, incorporating the second factor poses no problem. However, some less experienced users may need help adding and using the second factor during login. With assistance from our help desk and after a few attempts, these users find the process straightforward.

Integrating FortiAuthenticator with our existing infrastructure has been quite easy, especially considering our experience as a business partner of Fortinet. After several years of using and implementing the product for our customers, we've encountered no major issues. The process is simple, typically taking only a few implementations to become familiar with all the features.

I recommend it to others and rate it an eight out of ten.

We use the product for multi-factor authentication, single sign-on, and FIDO integration. We utilized it while logging into Windows and remote SSL VPN with MFA.

The product's on-premise version doesn't have recurring costs.

Fortinet FortiAuthenticator's initial setup process could be easier.

We have been using Fortinet FortiAuthenticator for two years.

It is a stable platform.

It is a scalable platform.

Fortinet provides excellent support services. A level-one engineer will attend your first call if you have a basic support contract. However, your call will be transferred to a specialist if you have an advanced-level support contract.

Neutral

We used Duo before. It is a cloud solution and has recurring costs. Thus, we switched to Fortinet FortiAuthenticator as it is an on-premise solution and comparatively inexpensive without recurring costs. They only charge a nominal fee for support.

The initial setup is complex. It would be helpful if customers get assistance from professional services. They can customize it depending on the architecture visibility. It is easy to design if they hire a knowledgeable architect. It takes less than a week to complete.

Our company provides professional software development services to different clients.

The product generates a lower ROI than other vendors.

I rate Fortinet FortiAuthenticator a nine out of ten. I advise others to have clarity on the visibility and scope of the design and then start with the deployment.