Fortinet FortiAuthenticator Reviews

We use Fortinet FortiAuthenticator, mostly where wireless or wired authentication needs to be integrated between multiple identity stores.

The most valuable feature of the solution is RADIUS service and the social network integration feature.

The GUI has some shortcomings and can be made better. The GUI is not great.

For the next release, the thing that will be most useful is to integrate with other MFA providers.

I have been using Fortinet FortiAuthenticator for four years. My company has a partnership with Fortinet. We are also resellers.

Stability-wise, I rate the solution a nine out of ten. I have only ever known one stability problem.

Scalability-wise, I rate the solution an eight out of ten.

I think that commercially it is not valid for a very small number of users. It doesn't scale down all the way. I think that although it can be scaled up to thousands of users, it wouldn't be suitable for, like, a mobile network scale if you have got 50,000 or 1,00,000 users.

At the entry point, we have more than 100 users.

I have directly contacted the solution's support. They are very helpful. They do require a lot of supporting information, but they are very effective for what they do. I rate the technical support a nine out of ten.

Positive

Regarding setup, I would say that it is straightforward but not simple. It's not a job for the novice, but it is straightforward for an experienced engineer. Also, my clients normally ask for help.

The solution gets deployed on physical, virtual, and SaaS.

On a scale of one to ten, where one is a high price and ten is a low price, I rate the pricing a seven.

Price-wise, it is competitive, but they still charge.

For comparing or evaluating Fortinet FortiAuthenticator, the competitors I would normally expect to see would be RSA Security with their SecurID product. Also possibly, I would say that you would compare it against Duo or Okta.

Fortinet FortiAuthenticator is better since it is very much use-case dependent. I think a Fortinet-heavy environment where the customer already has a lot of investment into Fortinet makes it easier since it integrates more closely with their network equipment, like their firewalls. Also, it does not always require an on-premise component to provide services like RADIUS.

People who are looking to implement the product should pay attention to scaling and plan deployment thoroughly before starting, as for many things, once the decision is made, some things are difficult to change.

I rate the overall solution an eight out of ten.

The solution syncs with our active directory and allows configuration for 
two-factor authentication. We're using the two-factor authentication for our Office 365 email and cloud. We needed a way to use the authenticator to configure a trusted network so that when the users are in-house, on our network, they don't get prompted for two-factor. We don't want to go through that rigmarole every time, so basically it authenticates through active directory that this trusted network that we're on is going to encrypt the data. Then, when they're not on a trusted network or they're at home and trying to log in, the user gets a SMS message to put in a token to validate their identity for their email username and password.

The most valuable feature is the flexibility in using the SMS messages. People give me their cell phone numbers, I put them in the active directory, it syncs over to the authenticator, and then they're able to use the two-factor authentication when they're at home or doing something outside of our network.

It was very hard to find the right people to help us set up the solution. We hired a third party, but they were not as helpful as they could have been. After that, we got a higher level of support through Fortinet, and they engaged with us and worked out the final bit. The connectivity between Microsoft Office and the authenticator is very tricky when it comes to certificates and you need more expertise for that, so if you don't have the experience, you need a higher level person to help with it.

I would like to see more support from Fortinet with tech support people who have as much expertise on the authenticator as they do on their firewalls. They don't have enough people with that expertise.

Once you get comfortable, you want to ask questions like "Okay, what if I do this, what is the impact?" You don't know what changes you can apply until they happen. It's better to have somebody who knows what they're doing, and knows what changes you apply are going to make a difference. Once I was able to talk to the second level Fortinet person I said, "Well, what does this do? What does that do?" Then he helped me and I said, "Okay." That makes a difference, because it's new and you don't know what you're supposed to do.

I have been using this solution for about five months. 

The stability of the solution has been very good. I haven't had any issues. 

The funny thing is, when I first got the authenticator there was a problem with it and I couldn't get it configured. I had to go through Fortinet to troubleshoot the fact that it was basically inoperable. I had to send it back and then they sent me another one, and that one has worked fine, so that was just one of those freak things that happens.

I think you can scale it toward different functionalities. For example, we have a Fortinet firewall and I could have used 40 tokens to configure the authenticator for that usage, but I chose to use it just for the email. In the same vein, there's scalability for other applications, servers, and cloud servers to set up a two-factor configuration on this authenticator. For other applications you have to pony up with the vendor who's doing it and log into their application in the cloud, then they have to be able to coordinate this thing, so that's kind of hard to figure out.

We use the solution for anybody who wants to have remote access to their email, so pretty much anybody who says, "Yeah, I'm going to be checking my email from home," I configure it so that they can do that. I'd say most everybody in our company has it. Whether they use it or not is a different story, but I have to buy SMS messages licenses for every person who wants the option to use it.

You only need one person, like myself, for maintenance. Once it's up and running, people can log in and get their email, and if there are issues I can look at the log and say, "Well, it's telling me you're putting the wrong password in or username." Or it shows, "Oh, you got it right. Success." 

The solution is an integral part of our security for our email network, and like I said, we'll begin using it for other cloud applications. We signed a three-year contract for the solution, so it's here to stay.  

The tech support is okay. If you have complex problems, there are not enough people to help, and you have to get to a higher level of support, so it can be a little challenging to get to the right person. That's on Fortinet as a company, though; what they provide is excellent. It's just getting to the right person.

We used to use an authenticator called Duo, but we're a small rural hospital, and that solution is a lot more expensive. It was probably at least three times the cost of Fortinet. The other thing was that I already had a Fortinet firewall, so I wanted something in conjunction with that to work alongside it.

It was complex when it came to the active directory portion of the product. Knowing what was required to have the active directory integration with the authenticator was a little tricky, and figuring out how the users' email addresses were going to be displayed. When you go to Office 365, it redirects it back to the authenticator and you have to make sure you have the right configuration and the right domain because it inputs it based on your domain name. It was difficult to get that figured out.

We used a third party in conjunction with higher level Fortinet support for deployment. We had to get a certificate and the third party helped us with that, and then we had to talk with Microsoft too, so it was tricky.

During setup it was hard to make sure that the solution was doing what it was supposed to do. There were different factors that made it difficult, but it might have been because the person who was trying to implement the solution didn't understand it fully. There were some inconsistencies in standards for active directory account names, for example, usually you'd have first initial, last name, and that would be your domain name. However, we had some older users, myself included, that had a different format that included their department name, like 46-JMoore for example, and the authenticator didn't understand that. You'd have to tell the user, "Okay, you're using this old formatting for your username, but you need to put it in differently so the authenticator can understand it." It wasn't really the authenticator's problem, but more so had to do with fitting the environment into the authenticator's configuration.

First you have to buy the unit, then you have to buy the license for it. I think we have a 100-user license. The price depends on the model. We have a FAC 300, which channels X number of users, so if you have a lot more users, you're going to buy a higher model, like with any other solution. 

We got the reseller price, so we paid $3,450 for the authenticator model itself. The support contract is about $2,900 for three years, which is a pretty good deal.
Then you've got to pay the fee for their help with the installation. That was like $6,000, but it varies depending on the vendor. So between paying them to help with the configuration, the box itself, and the support, it came to like $12,500, including a three-year service agreement.

The only other cost is for the SMS messages, which are not expensive. It's under $30 for like 100 SMS messages, so it's not a big deal.

My advice to people considering this solution is that I think you need somebody who has experience with FortiAuthenticator, and most places are going to have to use a third party to get it installed correctly. I also think the third parties have some leverage on accessing the higher level of Fortinet support, which helps. I think you can do certain parts yourself, like preparing the device for your active directory, but when it comes to actually getting comfortable with the commands and knowing what you're doing, you need a third party to help you get it installed correctly.

I would rate this solution as a nine out of ten.

We use the product network device authentication for Linux and Windows server integrations.

The product is good, cost-effective, and functionally efficient. It has a valuable capability to work as a virtual machine and integrate with Active Directory.

They could expand FortiAuthenticator's capabilities to accommodate a broader range of environments. It needs a user-friendly interface and intuitive console for those needing in-house solutions. Additionally, there should be a mobile-centric approach for remote control capabilities while proceeding.

We have been using Fortinet FortiAuthenticator for more than ten years.

The product is stable in our production environment.

We have 5000 Fortinet FortiAuthenticator users in our organization.

They could improve the response time for severe cases. At present, they reply within a day or two. However, they do provide good solutions.

Positive

We have used Cisco's firewall products before. In comparison, Fortinet is more user-friendly and easy to configure.

We require two administration executives to manage the product.

We provide implementation and maintenance support for all our customers.

The product has affordable pricing compared to other vendors. They offer valuable features considering the cost.

Fortinet FortiAuthenticator is a very popular and robust product in the market. They provide integration with third-party applications.

I rate it an eight out of ten.

In my company, we use Fortinet FortiAuthenticator as a AAA server. We use it to integrate with LDAP and integrate with FortiGate in multiple locations with centralized authentication. We can authenticate the users since Fortinet FortiAuthenticator allows for two-factor authentication and FortiClient.

FortiGuard supports two-factor authentication or FortiToken, but it is only for a centralized location. With Fortinet FortiAuthenticator, we can allow centralized locations and users across the globe to use it.

Documentation is an area where Fortinet is constantly trying to improve.

For improvement, Fortinet needs to ensure that they provide quick support to users. Once a ticket gets created by our company with the support team, we have to wait for SLA, which can go up to four or sometimes six hours. Fortinet sometimes needs to respond to users facing issues within an hour. Fortinet needs to improve the part of engineering SLAs.

Automation is a feature I would like to see in the solution since Fortinet has included automation features only in FortiGate. It would be better to see automation features, like backup, interfaces, or statuses, in FortiAuthenticator.

I have been using Fortinet FortiAuthenticator for five years. My company has a partnership with Fortinet.

It is a stable solution.

It is a scalable solution since the tool provides its users with the option to scale up.

With Fortinet FortiAuthenticator, I work for medium and large enterprises.

I rate the technical support an eight out of ten.

Positive

The initial setup of Fortinet FortiAuthenticator is easy.

Fortinet FortiAuthenticator's deployment takes an hour if everything is up and running.

Three to four engineers are required for the deployment of the product.

Everything in the tool, including the tool's GUI, is user-friendly. 

The solution is easy to maintain, provided we know about the product. It is not a complicated tool, making learning easy for all. Some skills are required for a person to be able to maintain the solution.

With FortiGate, anyone can access or handle the tool, especially if they have handled other products. With FortiAuthenticator, opportunities to first understand the product to be able to use it.

I rate the overall product a nine out of ten.

In my recent job, I worked in tandem with Fortinet to enable 802.1X authentication for the Wi-Fi environment.

The web feature is quite versatile. It serves as the sole server authenticator and is valuable not only with FortiGate products but also within the entire Forti system, making it highly useful for me. However, from my experience, I find the visual data to be less practical. While some features might be more respected than others, it's valuable that, for instance, when a customer has a new lead cluster, I can authenticate or leverage alternative solutions to achieve the desired outcome.

The only issue I encounter is that when not using FortiAuthenticator for an extended period, it's typical to encounter some obstacles in the configuration process that you need to address. It's not a consistent problem, and I can't recall all the specifics. This issue is something I face with the entire product. While it's normal for products to require ongoing attention, this can be a challenge when checking the system.

I have experience with Fortinet FortiAuthenticator.

I recollect instances when customers didn't approach me about their issues, instead opting to submit tickets. From a personal perspective, customer mobility played a role, and sometimes I wasn't fully aware of the problem until later. However, I can't recall many details about these cases.

It's scalable. If the need arises, you can easily set up a cluster with two or more units. Additionally, if you require more licenses or features, you can expand.

It works well for me. I can review the initial check, explain it thoroughly, outline the subsequent steps, and attempt to address the problem. This often involves quickly escalating to technical levels two or three. In situations where I open a general ticket, it's standard to begin with a level one tech who collects information to understand and resolve the issue. The more detailed and accurate the data is, the easier it becomes to find a resolution.

Positive

It is deployed on-premises. One or two days for initial deployment is insufficient. It typically takes a few more days to set up the specific configurations. The standard device configuration is exceptionally fast.

Based on my experience it's been very good. I don't have much knowledge, for instance, about how it compares to Gartner's system and its current position in the market, or whether there are other systems that might have a better position. I've noticed that Fortinet lacks certain features that other solutions have implemented. This leads me to explore and understand other solutions, looking for differences. I've observed that some solutions offer features that Fortinet may excel in, while others may have strengths in different areas. I would rate it an eight out of ten overall. 

We use Fortinet FortiAuthenticator to maintain security, and access, and monitor authentication and authorization processes. It enables the proper functioning of the CA server. We can use various authentication methods, including EFTOS parameters like PKI (Public Key Infrastructure) for the CA server.

The product’s most valuable feature is integration with FortiGate, FortiToken, FortiTalk, and multi-factor authentication. It is inexpensive compared to Cisco and Clear Pass.

Fortinet FortiAuthenticator provides only authentication. It should also enable authorization services. There could be a central management point for both the services similar to Cisco and Clear Pass.

We have been using Fortinet FortiAuthenticator for around a year.

It is a stable product. I rate the stability a ten out of ten.

It is a scalable product. It is suitable for medium and enterprise businesses. Its scalability is a seven or eight out of ten.

Fortinet provides good support services.

Positive

Compared to Fortinet FortiAuthenticator, Cisco is a complicated tool to use. It is difficult to configure as it has many features. It is scalable but needs to be a more stable product.

The initial setup is very easy. It takes an hour to complete.

The product is inexpensive compared to Cisco. I rate its pricing a three to five out of ten.

I recommend Fortinet FortiAuthenticator and rate it an eight out of ten.

My environment is multi-cloud. I have a production workload in Nigeria. I have some data centers in Continental Europe and in the East US in multiple regions. We operate both on-premises and on two different public clouds: AWS and Azure. At the time, because of how Fortinet worked, we connected to our customers via remote access VPN.

Because of the nature of Amazon Infiniti, it had a very big impact in Africa and on how we implemented our SA as the most effective authentication service for our VPN. 

Originally, when people tried to connect, they had to put in their original credentials and send a request back. The issue here started before software tools were being used, and hardware tools had to be used for privacy. We had to have five firewalls and five different token devices. It was very clumsy and not efficient.

We decided to go with FortiAuthenticator because it provides us with a single point of authentication, instead of having an authenticator on each one of the firewalls. Only five to twelve hours are connected on the back and then Citrix will send us an email or a text message. We can then easily and seamlessly use the solution.  

The first valuable feature is being able to see everything on one platform. This includes logs and authentication failure.

The second valuable feature is that the delivery and delivery methodology is toll-free. This includes email configuration, using the mobile app, and text message delivery. There is no need to buy any extra hardware, it is free.

The third valuable feature is that the chip that is applied is free.

We save a lot of money on consolidating tool teams. We have multiple different tool teams. This solution provides us with a single point of authentication for all of the files in all of the teams' environments.

The user interface can be improved.

The technical support team is bad. 

Neutral

The cloud deployment felt limited, but there was valuable information on the Internet. A lot of testing needs to be done, and the deployment is easier for those who understand how to do it on the cloud. We needed support here and the support team could not figure out the issue. Eventually, one of the support team members helped, but there was still an information gap.

It is usually cheap. Without a license, you can use some basic features. You can buy a 20-year license and implement the solution once.

I rate the overall solution a nine out of ten, due to support issues.

I am using Fortinet FortiAuthenticator for SSL and logins.

The most valuable features of Fortinet FortiAuthenticator are easy to configure, secure, and the application has good performance.

It would be helpful to receive a code by yourself for authentication instead of it registered to a phone.

I have been using Fortinet FortiAuthenticator for approximately two years.

I rate the stability of Fortinet FortiAuthenticator a nine out of ten.

Some additional features would be helpful.

Our customers are enterprise-sized companies.

I rate the scalability of Fortinet FortiAuthenticator an eight out of ten.

The support is responsive and the support is in our local language.

I rate the support from Fortinet FortiAuthenticator a nine out of ten.

Positive

The initial setup is simple compared to other solutions. 

I price of the solution is expensive.

I rotate the price of Fortinet FortiAuthenticator a seven out of ten.

We have one person for 100 users of the solution.

I rate Fortinet FortiAuthenticator a nine out of ten.