Fortinet FortiAuthenticator Reviews

We use Fortinet FortiAuthenticator, mostly where wireless or wired authentication needs to be integrated between multiple identity stores.

The most valuable feature of the solution is RADIUS service and the social network integration feature.

The GUI has some shortcomings and can be made better. The GUI is not great.

For the next release, the thing that will be most useful is to integrate with other MFA providers.

I have been using Fortinet FortiAuthenticator for four years. My company has a partnership with Fortinet. We are also resellers.

Stability-wise, I rate the solution a nine out of ten. I have only ever known one stability problem.

Scalability-wise, I rate the solution an eight out of ten.

I think that commercially it is not valid for a very small number of users. It doesn't scale down all the way. I think that although it can be scaled up to thousands of users, it wouldn't be suitable for, like, a mobile network scale if you have got 50,000 or 1,00,000 users.

At the entry point, we have more than 100 users.

I have directly contacted the solution's support. They are very helpful. They do require a lot of supporting information, but they are very effective for what they do. I rate the technical support a nine out of ten.

Positive

Regarding setup, I would say that it is straightforward but not simple. It's not a job for the novice, but it is straightforward for an experienced engineer. Also, my clients normally ask for help.

The solution gets deployed on physical, virtual, and SaaS.

On a scale of one to ten, where one is a high price and ten is a low price, I rate the pricing a seven.

Price-wise, it is competitive, but they still charge.

For comparing or evaluating Fortinet FortiAuthenticator, the competitors I would normally expect to see would be RSA Security with their SecurID product. Also possibly, I would say that you would compare it against Duo or Okta.

Fortinet FortiAuthenticator is better since it is very much use-case dependent. I think a Fortinet-heavy environment where the customer already has a lot of investment into Fortinet makes it easier since it integrates more closely with their network equipment, like their firewalls. Also, it does not always require an on-premise component to provide services like RADIUS.

People who are looking to implement the product should pay attention to scaling and plan deployment thoroughly before starting, as for many things, once the decision is made, some things are difficult to change.

I rate the overall solution an eight out of ten.

The solution syncs with our active directory and allows configuration for 
two-factor authentication. We're using the two-factor authentication for our Office 365 email and cloud. We needed a way to use the authenticator to configure a trusted network so that when the users are in-house, on our network, they don't get prompted for two-factor. We don't want to go through that rigmarole every time, so basically it authenticates through active directory that this trusted network that we're on is going to encrypt the data. Then, when they're not on a trusted network or they're at home and trying to log in, the user gets a SMS message to put in a token to validate their identity for their email username and password.

The most valuable feature is the flexibility in using the SMS messages. People give me their cell phone numbers, I put them in the active directory, it syncs over to the authenticator, and then they're able to use the two-factor authentication when they're at home or doing something outside of our network.

It was very hard to find the right people to help us set up the solution. We hired a third party, but they were not as helpful as they could have been. After that, we got a higher level of support through Fortinet, and they engaged with us and worked out the final bit. The connectivity between Microsoft Office and the authenticator is very tricky when it comes to certificates and you need more expertise for that, so if you don't have the experience, you need a higher level person to help with it.

I would like to see more support from Fortinet with tech support people who have as much expertise on the authenticator as they do on their firewalls. They don't have enough people with that expertise.

Once you get comfortable, you want to ask questions like "Okay, what if I do this, what is the impact?" You don't know what changes you can apply until they happen. It's better to have somebody who knows what they're doing, and knows what changes you apply are going to make a difference. Once I was able to talk to the second level Fortinet person I said, "Well, what does this do? What does that do?" Then he helped me and I said, "Okay." That makes a difference, because it's new and you don't know what you're supposed to do.

I have been using this solution for about five months. 

The stability of the solution has been very good. I haven't had any issues. 

The funny thing is, when I first got the authenticator there was a problem with it and I couldn't get it configured. I had to go through Fortinet to troubleshoot the fact that it was basically inoperable. I had to send it back and then they sent me another one, and that one has worked fine, so that was just one of those freak things that happens.

I think you can scale it toward different functionalities. For example, we have a Fortinet firewall and I could have used 40 tokens to configure the authenticator for that usage, but I chose to use it just for the email. In the same vein, there's scalability for other applications, servers, and cloud servers to set up a two-factor configuration on this authenticator. For other applications you have to pony up with the vendor who's doing it and log into their application in the cloud, then they have to be able to coordinate this thing, so that's kind of hard to figure out.

We use the solution for anybody who wants to have remote access to their email, so pretty much anybody who says, "Yeah, I'm going to be checking my email from home," I configure it so that they can do that. I'd say most everybody in our company has it. Whether they use it or not is a different story, but I have to buy SMS messages licenses for every person who wants the option to use it.

You only need one person, like myself, for maintenance. Once it's up and running, people can log in and get their email, and if there are issues I can look at the log and say, "Well, it's telling me you're putting the wrong password in or username." Or it shows, "Oh, you got it right. Success." 

The solution is an integral part of our security for our email network, and like I said, we'll begin using it for other cloud applications. We signed a three-year contract for the solution, so it's here to stay.  

The tech support is okay. If you have complex problems, there are not enough people to help, and you have to get to a higher level of support, so it can be a little challenging to get to the right person. That's on Fortinet as a company, though; what they provide is excellent. It's just getting to the right person.

We used to use an authenticator called Duo, but we're a small rural hospital, and that solution is a lot more expensive. It was probably at least three times the cost of Fortinet. The other thing was that I already had a Fortinet firewall, so I wanted something in conjunction with that to work alongside it.

It was complex when it came to the active directory portion of the product. Knowing what was required to have the active directory integration with the authenticator was a little tricky, and figuring out how the users' email addresses were going to be displayed. When you go to Office 365, it redirects it back to the authenticator and you have to make sure you have the right configuration and the right domain because it inputs it based on your domain name. It was difficult to get that figured out.

We used a third party in conjunction with higher level Fortinet support for deployment. We had to get a certificate and the third party helped us with that, and then we had to talk with Microsoft too, so it was tricky.

During setup it was hard to make sure that the solution was doing what it was supposed to do. There were different factors that made it difficult, but it might have been because the person who was trying to implement the solution didn't understand it fully. There were some inconsistencies in standards for active directory account names, for example, usually you'd have first initial, last name, and that would be your domain name. However, we had some older users, myself included, that had a different format that included their department name, like 46-JMoore for example, and the authenticator didn't understand that. You'd have to tell the user, "Okay, you're using this old formatting for your username, but you need to put it in differently so the authenticator can understand it." It wasn't really the authenticator's problem, but more so had to do with fitting the environment into the authenticator's configuration.

First you have to buy the unit, then you have to buy the license for it. I think we have a 100-user license. The price depends on the model. We have a FAC 300, which channels X number of users, so if you have a lot more users, you're going to buy a higher model, like with any other solution. 

We got the reseller price, so we paid $3,450 for the authenticator model itself. The support contract is about $2,900 for three years, which is a pretty good deal.
Then you've got to pay the fee for their help with the installation. That was like $6,000, but it varies depending on the vendor. So between paying them to help with the configuration, the box itself, and the support, it came to like $12,500, including a three-year service agreement.

The only other cost is for the SMS messages, which are not expensive. It's under $30 for like 100 SMS messages, so it's not a big deal.

My advice to people considering this solution is that I think you need somebody who has experience with FortiAuthenticator, and most places are going to have to use a third party to get it installed correctly. I also think the third parties have some leverage on accessing the higher level of Fortinet support, which helps. I think you can do certain parts yourself, like preparing the device for your active directory, but when it comes to actually getting comfortable with the commands and knowing what you're doing, you need a third party to help you get it installed correctly.

I would rate this solution as a nine out of ten.

We use the product network device authentication for Linux and Windows server integrations.

The product is good, cost-effective, and functionally efficient. It has a valuable capability to work as a virtual machine and integrate with Active Directory.

They could expand FortiAuthenticator's capabilities to accommodate a broader range of environments. It needs a user-friendly interface and intuitive console for those needing in-house solutions. Additionally, there should be a mobile-centric approach for remote control capabilities while proceeding.

We have been using Fortinet FortiAuthenticator for more than ten years.

The product is stable in our production environment.

We have 5000 Fortinet FortiAuthenticator users in our organization.

They could improve the response time for severe cases. At present, they reply within a day or two. However, they do provide good solutions.

Positive

We have used Cisco's firewall products before. In comparison, Fortinet is more user-friendly and easy to configure.

We require two administration executives to manage the product.

We provide implementation and maintenance support for all our customers.

The product has affordable pricing compared to other vendors. They offer valuable features considering the cost.

Fortinet FortiAuthenticator is a very popular and robust product in the market. They provide integration with third-party applications.

I rate it an eight out of ten.

My environment is multi-cloud. I have a production workload in Nigeria. I have some data centers in Continental Europe and in the East US in multiple regions. We operate both on-premises and on two different public clouds: AWS and Azure. At the time, because of how Fortinet worked, we connected to our customers via remote access VPN.

Because of the nature of Amazon Infiniti, it had a very big impact in Africa and on how we implemented our SA as the most effective authentication service for our VPN. 

Originally, when people tried to connect, they had to put in their original credentials and send a request back. The issue here started before software tools were being used, and hardware tools had to be used for privacy. We had to have five firewalls and five different token devices. It was very clumsy and not efficient.

We decided to go with FortiAuthenticator because it provides us with a single point of authentication, instead of having an authenticator on each one of the firewalls. Only five to twelve hours are connected on the back and then Citrix will send us an email or a text message. We can then easily and seamlessly use the solution.  

The first valuable feature is being able to see everything on one platform. This includes logs and authentication failure.

The second valuable feature is that the delivery and delivery methodology is toll-free. This includes email configuration, using the mobile app, and text message delivery. There is no need to buy any extra hardware, it is free.

The third valuable feature is that the chip that is applied is free.

We save a lot of money on consolidating tool teams. We have multiple different tool teams. This solution provides us with a single point of authentication for all of the files in all of the teams' environments.

The user interface can be improved.

The technical support team is bad. 

Neutral

The cloud deployment felt limited, but there was valuable information on the Internet. A lot of testing needs to be done, and the deployment is easier for those who understand how to do it on the cloud. We needed support here and the support team could not figure out the issue. Eventually, one of the support team members helped, but there was still an information gap.

It is usually cheap. Without a license, you can use some basic features. You can buy a 20-year license and implement the solution once.

I rate the overall solution a nine out of ten, due to support issues.

In my company, we use Fortinet FortiAuthenticator as a AAA server. We use it to integrate with LDAP and integrate with FortiGate in multiple locations with centralized authentication. We can authenticate the users since Fortinet FortiAuthenticator allows for two-factor authentication and FortiClient.

FortiGuard supports two-factor authentication or FortiToken, but it is only for a centralized location. With Fortinet FortiAuthenticator, we can allow centralized locations and users across the globe to use it.

Documentation is an area where Fortinet is constantly trying to improve.

For improvement, Fortinet needs to ensure that they provide quick support to users. Once a ticket gets created by our company with the support team, we have to wait for SLA, which can go up to four or sometimes six hours. Fortinet sometimes needs to respond to users facing issues within an hour. Fortinet needs to improve the part of engineering SLAs.

Automation is a feature I would like to see in the solution since Fortinet has included automation features only in FortiGate. It would be better to see automation features, like backup, interfaces, or statuses, in FortiAuthenticator.

I have been using Fortinet FortiAuthenticator for five years. My company has a partnership with Fortinet.

It is a stable solution.

It is a scalable solution since the tool provides its users with the option to scale up.

With Fortinet FortiAuthenticator, I work for medium and large enterprises.

I rate the technical support an eight out of ten.

Positive

The initial setup of Fortinet FortiAuthenticator is easy.

Fortinet FortiAuthenticator's deployment takes an hour if everything is up and running.

Three to four engineers are required for the deployment of the product.

Everything in the tool, including the tool's GUI, is user-friendly. 

The solution is easy to maintain, provided we know about the product. It is not a complicated tool, making learning easy for all. Some skills are required for a person to be able to maintain the solution.

With FortiGate, anyone can access or handle the tool, especially if they have handled other products. With FortiAuthenticator, opportunities to first understand the product to be able to use it.

I rate the overall product a nine out of ten.

We primarily use the solution to gain VPN access to the main client site. 

The authentification for the VPN is quite useful.

It is easy to set up.

The product is stable and reliable. 

The solution is reasonably priced.

Technical support has proven to be helpful. 

We had issues trying to integrate the keys properly during the initial setup.

We have only used the solution for about a year or so. We haven't used it for too long just yet.

I have no complaints in relation to the stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. 

We only have around 20 users. Our use case isn't very big. Therefore, we haven't really needed to scale so much. 

We haven't used technical support yet, aside from the migration issue. They were fine. They were able to help us. 

The implementation process is simple and straightforward. It's not overly complex. 

It was deployed in about four hours or so. It doesn't take too long. However, we had many issues when we upgraded the equipment. The keys were not integrated properly and therefore it wasn't completely simple to manage.

We had one engineer handling the deployment. 

I haven't looked into if we have seen any ROI just yet.

The licensing costs are reasonable. It's not overly expensive. We pay either by the number of users or for a certain number of users that fall under a specific licensing tier. 

I'd rate the solution eight out of ten. We've been pretty happy with its capabilities overall. This is a very important product if a company wants to use a VPN. It's great for clients that already use Fortinet products. 

We use it for single sign-on. After connecting to VPN it creates an active directory or up session and we know who it is and then we use Fortinet FortiAuthenicator. 

I prefer the passing tool that sent an active directory console to a Fortinet FortiAuthenticator, then Fortinet FortiAuthenticator not passing the locks. If I ask the Fortinet FortiAuthenticator, give me the name of the group. FortiAuthenticator passes the lock, the group name, or the directory.

I would like to see more security features in reference to identity login or identity identification. I would like to see a troubleshooting option. For troubleshooting or viewing the lock of the device set or separate the locks from the connected device. Maybe with any device connected to the Fortinet FortiAuthenticator. And then I need the parsing device and type of locks of this device.

I have been using Fortinet FortiAuthenticator for the past two months. Before that, we were only testing Fortinet FortiAuthenticator.

I believe Fortinet FortiAuthenticator is stable.

We are finding it to be fully scalable at this point one hundred percent.

Technical support is excellent with Fortinet FortiAuthenticator.

Positive

The initial setup was straightforward. The only problem we faced was the POC. We configure only through self-configuration. If we had an integrator or consultant to configure Fortinet FortiAuthenticator it would be easier than doing a self-configuration.

It was easy for me, but I had to read the documents about LDAP authentication. I did an in-house self-configuration. It was time-consuming.

When we buy the Fortinet FortiAuthenticator device there is a comparison between price and security. We have a government organization and we want to buy cheap products.

I would rate Fortinet FortiAuthenticator an eight out of ten.

I like the self-registration capabilities.

The certificate authority aspect is excellent. 

I love that there is a single sign-on for Fortinet products. 

The initial setup is very easy.

It is a stable product.

The solution can scale as necessary.

Technical support is good. 

Fortinet has another product called FortiNAC. These two solutions work together well.

The integration with other products, for example, some SAML authentications, would make it more flexible.

I've used the solution for two years. It hasn't been too long. 

The solution is stable. It's reliable. There aren't any bugs or glitches and we find that it does not crash or freeze.

It can scale if you need it to. The solution can expand. 

In general, Fortinet technical support is good. We have only had the solution for a small amount of time. We haven't used their support that much. Their response time has been very good. 

I found the initial implementation process to be simple and straightforward. I didn't find it to be overly complex. There aren't too many features, unlike an FortiNAC solution, that need to be set up.

I've evaluated the difference between Fortinet and Cisco in the past.

I'd advise new users to configure the backup, routine backup, to get the most out of the product. You can have problems if you don't.

In general, it's a simple product and we've enjoyed it. 

I'd rate the solution seven out of ten.