Coming October 25: PeerSpot Awards will be announced! Learn more

Fortinet FortiAuthenticator OverviewUNIXBusinessApplication

Fortinet FortiAuthenticator is #2 ranked solution in top Single Sign-On (SSO) tools and top Authentication Systems. PeerSpot users give Fortinet FortiAuthenticator an average rating of 7.6 out of 10. Fortinet FortiAuthenticator is most commonly compared to Fortinet FortiToken: Fortinet FortiAuthenticator vs Fortinet FortiToken. Fortinet FortiAuthenticator is popular among the large enterprise segment, accounting for 50% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 22% of all views.
Fortinet FortiAuthenticator Buyer's Guide

Download the Fortinet FortiAuthenticator Buyer's Guide including reviews and more. Updated: October 2022

What is Fortinet FortiAuthenticator?

Fortinet FortiAuthenticator is the primary secure point of approved access into the Fortinet network, authorizing users, reviewing access permissions, and relaying the information to all Fortigate devices for comparison with identity-based protocols. Fortinet FortiAuthenticator is a top-ranked authorization and SSO solution.

Appropriate secure access is fundamental to every role in an enterprise ecosystem. It is an integral function of every organization to ensure that every access and privilege is secure and to mitigate any possible risk to an organization. Approved users should only have access to the necessary information when they need it, from the appropriate location(s) to safeguard an organization's security at all times.

Fortinet FortiAuthenticator is available as an appliance, virtual machine, or in the cloud.

Fortinet FortiAuthenticator Methods

  • FSSO: FortiAuthenticator Single sign-on user will easily identify users and assign role or group access based on preset identity-based protocols. FortiAuthenticator integrates well with third-party LDAP or active directories, is very flexible, and combines these methods to provide effective security.

  • Active Directory Polling: Active directory access is securely identified by consistent polling of domain controllers. As users log in, username, IP address, and other details are logged into the database and can be shared across devices as directed by FortiAuthenticator protocols.

  • FortiAuthenticator Portal and Widgets: If a user system does not support AP polling, or for other reasons it is not feasible, FortiAuthenticator offers a unique secure authentication portal. Users can be manually authenticated and, to diminish the effect of numerous logins, an intuitive set of widgets is available to integrate into an organization's ecosystem that will automatically grant access to users when they access the organization's intranet homepage.

  • RADIUS Accounting Login: For organizations that use RADIUS authentication, RADIUS Accounting is available for user identification. This process will prompt user access information (IP and group, etc.) and eliminate the need for multiple levels of authentication.

Reviews from Real Users

Ernesto C., Presales Engineer at a comms service provider, shares,

”Key Features and Benefits

  1. Two-factor/OTP Authentication with FortiToken: Enforce user-based policies. Fortitoken is available in soft and hard versions for flexible usage. Most Valuable in Mobile Phones App for OTP.
  2. Integration with LDAP and AD: This solution integrates with existing enterprise systems and technologies from diverse vendors of user information management systems.
  3. LPAD/AD/RADIUS/SYSLOG/KERBEROS/REST API/FSSO and Web Portals: There is flexible integration with these services.
  4. It is usable in network, WAN, wireless, and VPN Scenarios.
  5. The domain and guest-users support are good.”

Ibrahim M., Senior Network & Security Engineer at a tech services company, relates, "The initial setup is a valuable point on Fortinet products. Most of the time, putting the theory into practice on the devices is quite friendly and straightforward. As long as you can read English you can find your way around the solution and make it work. This is a high value point on Fortinet - the way everything is laid out in the web UI is user-friendly and quite straightforward. The UI is quite simple."




Fortinet FortiAuthenticator was previously known as FortiAuthenticator.

Fortinet FortiAuthenticator Customers

Black Gold Regional Schools, Amadeus Hospitality, Jefferson County, Chunghwa Telecom, City of Boroondara, Dimension Data

Fortinet FortiAuthenticator Video

Archived Fortinet FortiAuthenticator Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Information Technology Manager at a tech services company with 51-200 employees
Real User
Good security and easy to use with good technical support
Pros and Cons
  • "The ease of use is really nice. Using Authenticator, I've been able to actually work better on my authentication due to the fact that I have a single fabric to authenticate control from my firewall and on my access points. Authentication takes place from this area."
  • "The solution could be more automated. It should be able to let me automate a lot of things so that what normally is done as a matter of manual processes can be handled quicker. Slow integrations can be taken up/out if there was more automation."

What is most valuable?

The most valuable aspect of the solution is the security. It's great. 

The ease of use is really nice. Using Authenticator, I've been able to actually work better on my authentication due to the fact that I have a single fabric to authenticate control from my firewall and on my access points. Authentication takes place from this area. 

It's easy to use for us due to the fact that, for each and every user, even a Mac user, we're able to easily retrieve them and add them. The authenticator syncs to my system and brings all the users to me under my firewall. 

What needs improvement?

For us, the solution works quite well. I can't think of an area where improvements are needed. I haven't worked with it too extensively yet, so it's hard to gauge what's lacking.

The solution could be more automated. It should be able to let me automate a lot of things so that what normally is done as a matter of manual processes can be handled quicker. Slow integrations can be taken up/out if there was more automation.

For how long have I used the solution?

I've only worked with the solution for five or six months at this point. I haven't worked with it extensively, although I do have an understanding of how it works and what to do, as well as how to configure it.

What do I think about the stability of the solution?

It's a stable product that integrates well with other products (such as FortiNAC). It's reliable. It doesn't give us any problems. We don't have to worry about bugs or glitches of the system crashing.

Buyer's Guide
Fortinet FortiAuthenticator
October 2022
Learn what your peers think about Fortinet FortiAuthenticator. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,987 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The solution is scalable. While we have plans to grow it out and integrate it a bit more with other solutions, we're not at that stage yet.

We are a company of about 200 people. The whole organization uses it at this point. All authentication happens through FortiAuthenticator.

How are customer service and support?

I'm really happy with the technical support. They are responsive and knowledgable.

Which solution did I use previously and why did I switch?

Before using FortiAuthenticator we were not using anything else. We just were controlling everything from our Fortinet firewall. That was the only equipment which we had at that point in time. Now, we have got FortiAuthenticator.

Going forward we might go for FortiNAC. That might be in the cards for us. However, we're not immediately going to make the switch as it offers access control.

How was the initial setup?

The initial setup wasn't a problem at all. It was handled by certified Fortinet engineers. For that reason, it wasn't complex or difficult.

What about the implementation team?

We had certified Fortinet engineers assist us with the initial implementation. They handled the setup and configurations as well.

What other advice do I have?

We're just end users. We don't have a special relationship with the company.

We're using the latest version of the solution. It might be something around version six.

I would recommend FortiAuthenticator to other organizations.

It is really a good product. Somebody looking for a good security product should go with FortiGate products. New users should explore all the features and see how they can maximize usage.

Overall, I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager at a financial services firm with 501-1,000 employees
Real User
On-premises deployment and excellent log details make this product valuable
Pros and Cons
  • "The logs have great detail that make it easier to evaluate and control the security environment."
  • "It can not use SQL to query FortiAnalyzer directly."

What is our primary use case?

Our primary use case for Fortinet FortiAuthenticator is, first of all, as a two-factor VPN for enhanced access security. We use this product to provide secure access for all of our employees. 

Our other use cases have to do with using FortiAuthenticator for other security projects which includes things like access to some important web applications. 

What is most valuable?

One of the things I find most valuable in FortiAuthenticator is the detail in the logs. The log features are very good and the detail makes it easier to control what happens in the environment. 

Another valuable feature is that it is an on-premise solution. Because of some regulations, we can not use this particular type of product for security on cloud. We chose FortiAuthenticator because it is an on-premise solution. 

What needs improvement?

There is nothing that really stands out as something that needs desperately to be added or improved. We are using Fortinet all the time, we know their GUIs, so we can manage well with FortiAuthenticator also. 

The main problem now is not exactly with the product itself. We are using FortiAnalyzers. But when we use that product with FortiAuthenicators, we can not use SQL language to access data from the FortiAnalyzers database. When we use it with FortiGate, we can query the FortiAnalyzers database, but it is not possible to do it directly with the FortiAuthenicators. This integration should be better. 

What do I think about the stability of the solution?

We have not really faced any problems with stability up until this point. The product has not given us any reason to question the stability. 

How are customer service and technical support?

We have not needed to use the Fortinet technical support up until now. I do not know about it firsthand. The product is very easy-to-use and someone can easily manage working with it, so we do not need any support. We do have the support contract, but we have not used it at all. 

How was the initial setup?

The initial setup was not complex at all. It is actually very easy. 

What's my experience with pricing, setup cost, and licensing?

I think FortiAuthenticator is more expensive than other products like Cisco Duo. It could be more competitively priced. 

We want to use high-availability in our products, so we need to get a higher grade and more expensive license for that purpose. 

What other advice do I have?

On a scale from one to ten where one is the worst and ten is the best, I would rate Authenticator as about a seven-point-five. If it has to be seven or eight, I would choose eight. 

I have not used many products in that category with our site, but we can do what we want and need to do with that product. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Fortinet FortiAuthenticator
October 2022
Learn what your peers think about Fortinet FortiAuthenticator. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,987 professionals have used our research since 2012.
Network Security Engineer at Technicom Mali
Real User
Helps with SSL two-factor authentication but the graphical interface is outdated
Pros and Cons
  • "We use this product for SSL two-factor authentication and FortiToken management."
  • "It does the job I paid for, but the graphical interface could be improved."

What is our primary use case?

We use this product for SSL two-factor authentication and FortiToken management.

What needs improvement?

It does the job I paid for, but the graphical interface could be improved. If we take FortiGate or Fortinet, the graphical user interface is better designed. I think they can work on this.

It would be good to remove the FortiAuthenticator or to combine FortiAuthenticator and Fortinet. That would provide a single platform that can manage network access and user management. It doesn't make sense for me to sell FortiAuthenticator to a customer and then sell them Fortinet as well. I think they should just combine them into one solution.

For how long have I used the solution?

We've been using this solution for two years.

What do I think about the stability of the solution?

The solution is stable. I installed it two years ago, but we rarely check the internet for changes. It's really stable. We don't have problems.

What do I think about the scalability of the solution?

I think it's scalable. There are two kinds of appliances: virtual and physical. If you do a good sizing, the physical one can remain with the customer for a long time. The virtual one can be increased as you need. You can pay as you go with them. You purchase a base license and add to it as needed.

I have done an installation at an operator with over 200 users. That is the biggest one I've done.

How are customer service and technical support?

I don't usually have problems with this solution so I rarely test the support features. I cannot evaluate the support team.

How was the initial setup?

It was straightforward to implement and took one day to deploy.

What other advice do I have?

I would rate this solution as seven out of ten. I know there are other solutions that have a more modern graphical interface and provide better user management functionality. We need to tell the customer to get two solutions instead of doing the job with just one. I think I could give eight or nine to another solution, but FortiAuthenticator should be a seven.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
WahidAlarasi - PeerSpot reviewer
Solutions Architect at Exclusive GRP
Real User
Enables us to have multifactor authentication using two-factor authentication
Pros and Cons
  • "For someone concerned with multifactor authentication, I'm satisfied with the product."
  • "No SMS gateway from the ISP"

What is our primary use case?

I am a solution architect and my company works purely for Fortinet, implementing all versions on a daily basis, so we're not end-users. The company is an exclusive distributor implementing the product.

The primary use case of the product is usually for multifactor authentication using two-factor authentication with tokens. Sometimes people require two factors with a token. Sometimes they need the latest POC. I do a proof of concept for windows login. They need the agent who authenticates with SMS, token or email.

What is most valuable?

Usually, I do an integration with the firewall. I would prefer to do it with FortiGate, but sometimes I need to integrate as a radius client and it depends on which firewall. I prefer FortiGate. Sometimes they'll need to add an SMS as the second factor of the two-factor authentication. But usually, we do it as an unarmed radius FortiGate, or firewall would be for a radius client and radius server. Sometimes clients will ask whether we have integration with a social portal like Facebook, but we don't. 

What needs improvement?

There aren't any major features that I think should be improved. I like this product. As a multifactor authentication, we have the SAML function. If you compare it with RSA or Gemalto, it does a good job. I'm able to perform multifactor authentication in different ways via emails, SMS, it's a great product. For someone concerned with multifactor authentication, I'm satisfied with the product.

There aren't any major additional features they could include in the next release but the one thing they used to include was the SMS gateway from the ISP. Fortinet used to sell that but they don't anymore and I think it would be helpful for end-users if they brought it back. I would recommend that. People are asking for it because they don't like having to rent it from their mobile provider. 

For how long have I used the solution?

I've been using FortiAuthenticator for about a year.

What do I think about the stability of the solution?

The product is very stable. I love it. 

What do I think about the scalability of the solution?

I think it's a scalable product. I haven't compared it to the competitors but it's scalable. 

How are customer service and technical support?

Part of the reason it's such a good product is that I don't recall ever needing to call for technical support. 

How was the initial setup?

Initial setup and configuration are very straightforward. From a technical perspective, you need to know where to do the PDS but if you have a technical background it should be very straightforward. I just bring the VM or the trial license and I start to do the POC, usually with the VM.

Initial setup and deployment sometimes need integration with FortiGate, and sometimes via the captive portal. It takes a maximum of an hour, but it also depends on the end-user and what they need to be integrated into the system, like features such as SMS gateway parameters. 

What's my experience with pricing, setup cost, and licensing?

I think the setup cost is reasonable, and we don't need to renew the license. Sometimes there are extra costs for the VM. Our main competitors are RSA and Gemalto, and the Fortinet prices are very competitive relative to their prices. 

What other advice do I have?

As a distributor of Fortinet, I would suggest people give this product a little bit of focus. I mean we can do well on this product if we concentrate on it. People don't know about the two-factor authentication and that it's easy and straightforward. We also include some features for free but I suggest that people using Fortinet just focus on this product. FortiAuthenticator has created a straightforward easy-to-use product.  

I would rate it a nine out of ten. Not a ten because nothing is perfect. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Senior Security Engineer at a tech services company with 201-500 employees
Real User
A solution that offers easy integration capabilities, a simple setup, and good stability

What is our primary use case?

We primarily use the solution for FortiToken multi-factor authentication and as a VPN for login devices, among other cases.

What is most valuable?

The solution is easy to learn and makes it easy for our users to add FortiToken. It's very easy to integrate if you have other Fortinet devices. 

What needs improvement?

We have issues with HA (high availability). These should be addressed in future releases.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is very stable. I'd say it's about 97% stable. We haven't experienced any crashes or anything of that nature.

What do I think about the scalability of the solution?

We haven't really tested scalability that much. We have about 200 users and we don't plan to increase usage any time soon.

How are customer service and technical support?

Technical support used to be much better. Fortinet seems to be downgrading, so everything takes longer to get a response in comparison to the past. When you make a ticket it may take as much as three days before it gets assigned.

How was the initial setup?

The initial setup was very easy.

What about the implementation team?

We handled the implementation ourselves.

What's my experience with pricing, setup cost, and licensing?

The cost is okay. It's moderate to inexpensive.

What other advice do I have?

We use the on-premises deployment model. We're both customers and partners with Fortinet.

I'd rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1179432 - PeerSpot reviewer
CEO at Blockness
Real User
A quite stable solution with decent pricing and easy installation
Pros and Cons
  • "The solution's most valuable aspect is that it easy to install. The user experience is very good."
  • "The hardware aspect of the solution could be improved. We are not really able to understand the hardware capabilities of the device."

What is our primary use case?

We primarily use the solution to get users.

What is most valuable?

The solution's most valuable aspect is that it easy to install. The user experience is very good.

What needs improvement?

I've only been using the solution for one month, so I haven't come across any glaring issues so far.

The hardware aspect of the solution could be improved. We are not really able to understand the hardware capabilities of the device.

For how long have I used the solution?

I've been using the solution for one month.

What do I think about the stability of the solution?

The solution is quite stable. They also send out upgrades quite often.

How are customer service and technical support?

Technical support is okay. There are some people that are quite experienced while others are less so. However, they always give me an answer. If you don't have local support at the regional level you may have to rely on Google a bit. In my experience, however, it's been fine. They are very quick.

Which solution did I use previously and why did I switch?

I've previously used WatchGuard. Fortinet is better for what is there, even though their prices are quite similar.

What's my experience with pricing, setup cost, and licensing?

The pricing is okay. It could always be less expensive, however.

What other advice do I have?

We use the on-premises deployment model.

I'd rate the solution eight out of ten. We have to compromise between price and functionality. If we had the money, we'd probably go with Palo Alto. However, it's much more expensive. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mohammed Semmour - PeerSpot reviewer
Scaling Engineer at Lutessa 2S
Real User
Ensures double authentication for the user
Pros and Cons
  • "The initial setup is so easy and there is no problem in the implementation."
  • "If you want some other FortiAuthenticator from one site to another site, you should have requirements, but really if you have authentication and directory or another solution, you should change the password of the authenticator between the solution and the directory and other things. So transfer of data and other information should be simpler."

What is most valuable?

The solution is really important to ensure double authentication for the user. For example, if you have an internal messenger and you want to ensure the access externally for users, you can implement the two-factor authentication. Also, for the VPN, you can implement two-factor authentication to avoid any kind of hacks.

What needs improvement?

If you want some other FortiAuthenticator from one site to another site, you should have requirements, but really if you have authentication and directory or another solution, you should change the password of the authenticator between the solution and the directory and other things. So the transfer of data and other information should be simpler.

In the future, I think h02.exe is very important to authenticate users internally. To economically move the person from vnom to vnom. Also, the ESO to ensure the authentication of users should be a bit more automated.

For how long have I used the solution?

I've been using the solution for one year.

What do I think about the stability of the solution?

In my opinion and my experience, I didn't have any problem with the solution, just the requirements for other solutions that we should integrate with it. I think the solution is easily implemented, and, in my opinion, there is no problem with this solution. Just a bit of correction is needed, and that's it.

What do I think about the scalability of the solution?

My impression is that the solution is good and I like it and I would work with it for another project and increase my skill on the solution.

How are customer service and technical support?

I have worked with them, so I like the technical support of Fortinet. I would give them a good mark.

How was the initial setup?

The initial setup is so easy and there is no problem in the implementation. We can implement it easily in a different kind of infrastructure.

What other advice do I have?

I started working on FortiAuthenticator from last year. I have had a chance to deploy many, many projects on FortiAuthenticator. I deploy 10 next-gen projects on FortiAuthenticator. I deploy many defensive scenarios. Also, I have good experience with large products.

You should make sure to implement the requirements via experts like me, so you can implement the product carefully. In that way, you can use it clearly in a simplified manner.

For FortiAuthentication, it's a good price in comparison to any other competitor. Other products are so expensive, and the features are the same. There might be a bit of difference between the two products, but if you want just double authentication and some other features, I think I recommend the FortiAuthenticator, and it is low cost and has other defenses.

In my opinion, I recommend the solution. You can also use it for other things like h02.exe for authentication of users. Also for ESO. There are five things you can use it for, so I recommend the product. The low cost is very important for any customer.

I would rate this solution eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Datacenter Engineer at a university with 501-1,000 employees
Real User
One-time passwords help to authenticate users so we know the timing of their usage

What is most valuable?

The feature I value the most is the one-time passwords because it helps to authenticate users so you know the timing of their usage.

What needs improvement?

I don't have any issues with this solution, but it may need a better, more user-friendly interface or better design of the platform.

For how long have I used the solution?

I've been using FortiAuthenticator ( /products/fortiauthenticator-reviews ) for three years now.

What do I think about the stability of the solution?

I have found that the solution is very stable. I am officially conducting at FortiGate and I found that it was so easy to conduct my environment and control my environment with this solution. 

What do I think about the scalability of the solution?

We have seven users licensed on this solution. With FortiAuthenticator it is so easy to manage our users and it is scalable to all the users at our university or in our environment.  

How are customer service and technical support?

I am really impressed by the technical support because they were very helpful. Once we logged our complaint, we received an answer from them in no time, and they quickly fixed our issue. 

How was the initial setup?

The initial setup is very easy.

What other advice do I have?

I will recommend this solution to others who are considering to use it. I give it a ten out of ten rating.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
RAMACHANDRAR - PeerSpot reviewer
Director - Global Solutions & Customer Service at Bits and Byte IT Consulting
Real User
Cost-effective and users can be securely managed by adopting it
Pros and Cons
  • "FortiAuthenticator is a very good solution. It is all jury-based. FortiAuthenticator is very easy for anyone to understand how it works and be able to take action."
  • "Other features that would improve the product are a single sign-on where people can use their Gmail ID to log-in, etc."

What is our primary use case?

The basic use we have for FortiAuthenticator is multi-pack authentication.

How has it helped my organization?

FortiAuthenticator has helped a lot of our customers in the way that they do the business when they onboard their clients to the data center. It has drastically changed what they used to do earlier after the installation.

What is most valuable?

It is cost-effective. The users can be securely managed by adopting it.

What needs improvement?

They need to have some kind of write-up and solution document that people can access very easily. All of the Cisco documentation is available on their website and in other places. They should make it available to the public. 

The more people know about this product, the better. That will make it easier for them to position FortiAuthenticator to their customers or use the product in production.

Other features that would improve the product are a single sign-on where people can use their Gmail ID to log-in, etc. This feature we wanted and now they are rethinking it. At this stage, I can't give any other suggestions for improvement other than this.

A single sign-on is used to create a user ID and password for the user to get onto the network. You can ask them to use their LinkedIn credentials or maybe Gmail, some of the social networking credentials to gain access.  

This is useful when you are onboarding any guest users for internet access. This is something that is a very good feature which they could have integrated already.

For how long have I used the solution?

I have been using the solution a year.

What do I think about the stability of the solution?

It's very stable when compared to other products.

What do I think about the scalability of the solution?

For scalability, you need to size FortiAuthenticator properly. You should plan it initially, then make the implementation. 

It's is not 100%, maybe 80% on the scalable side. There are some places where we use it for 800 to 1000 users. With the proper deployment, we can support close to 2000 users.

You need certified people to understand this product like dedicated engineers. You need a person that knows the product and how it works. 

Otherwise, if any new person comes to FortiAuthenticator, it will be very difficult for them to understand. Over time, you'll be able to get to know the layout and how the product works.

How are customer service and technical support?

Technical support is quite good, There is something called the 8x5 and 24x7 technical support for the solutions. If you have 24x7, they will respond immediately. 

If you have 8x5, and they will respond next business day depending on how soon the TAC engineer picks your request for your deployment or ongoing support issues.

Which solution did I use previously and why did I switch?

We used a different method as a solution, primarily SafeNet, but there are others. It all depends on a customer-to-customer and case-to-case basis. It depends on the budget and what the customer asks for in the contract. 

At the end of the day, it all revolves around the money, i.e. how many dollars you pay for the solution.

How was the initial setup?

The initial setup is straightforward. It's not that complex. If you know about the product, you will be able to do the setup. 

It takes generally, one to two weeks for the full-fledged deployment. We have a demo unit. We just used that for showcasing the capability of the device to all of our customers. 

Once they start using it, they would advise on the deployment.

What was our ROI?

There is an economic investment on this product that compares to other products from Cisco. There is a ROI on this product.

What's my experience with pricing, setup cost, and licensing?

You buy the pack for 100 to 200 users. Once it goes over, you have to renew it on a yearly basis. It may be on a term where you license for one business. Officially, the authentication license has a third-party involved. Then you need to take your action. 

I don't see any additional license costs from FortiAuthenticator, but for the add-on features like MS Gateway, etc., you need to buy them.

What other advice do I have?

FortiAuthenticator is a very good solution. It is all jury-based. FortiAuthenticator is very easy for anyone to understand how it works and be able to take action.

I would rate FortiAuthenticator with an eight to nine.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Trevor Corness - PeerSpot reviewer
Trevor CornessTechnical Presales Engineer at a tech services company with 11-50 employees
Real User

Are you looking for an IdP type SSO login with G-Suite -- https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/226712/saml-2-0-fsso-with-fortiauthenticator-and-google-g-suite
The documentation site docs.fortinet.com has a bunch of info and step-by-step. This would be your "Central Repository" you were asking about.

Network Security Engineer at a tech services company with 51-200 employees
Real User
It keeps track of users and their IPs no matter where they are in the network

What is our primary use case?

We implement FortiAuthenticator in situations where there are multiple Active Directory domains. Other use cases include:

  • When we need to use FortiClient to keep track of users as they move around different locations where normal FSSO would have issues
  • When we need to use one FortiToken for multiple Fortigates
  • When we want to use it as a domain controller.

The FortiAuthenticator can do many things.

How has it helped my organization?

It keeps track of users and their IPs no matter where they are in the network. When users roam, we don't have to worry about not mapping them to an IP.

What is most valuable?

Valuable features include the robust SSO features, when you have more complicated authentication within an organization. We can mix AD, Radius, Portal, SSO Portals (Google, etc.), and build our own environment. It is very flexible.

What needs improvement?

The GUI is on the older side but I'm sure that it will be upgraded soon. It works, but it looks a little dated.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Dennis Seyersdahl - PeerSpot reviewer
IT System Manager at RPM INNOVATIONS, INC.
Real User
Facilitates easy integration, allowing for 2FA with our VPN. This solution enables the addition and removal of access to the VPN

What is our primary use case?

This solution is used for 2FA for Desktop and VPN access. Each computer, server and VPN access has to have a 2FA and the solution allowed us to accomplish this with a fob or phone app. We use the fob as phones are not owned by the company.

How has it helped my organization?

This was a regulation we needed to fill and it worked at a good price. It provided a solution that allowed us to fulfill the requirement.

What is most valuable?

  • Easy integration with FortiGate to allow for 2FA with our VPN.
  • Addition and removal of access as needed for the VPN.

What needs improvement?

For my use of this solution, not much needs to change. I do not mind the way it works currently. However, I would recommend a more fluid integration with FortiGate.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
IT Infrastructure Engineer at a tech company with 11-50 employees
Real User
It centralizes the management and storage of user identity information, thereby increasing the efficiency of administration and increasing the control over who accesses the network.

What is most valuable?

Standards-based secure authentication

FortiAuthenticator centralizes the management and storage of user identity information, thereby increasing the efficiency of administration and increasing the control over who accesses the network.

• Two-factor authentication using tokens

1- OATH-compatible time-based tokens (Hardware tokens FortiToken200/FortiToken220)
2- USB certificate-based tokens FortiToken-300)
3- FortiToken Mobile for Android, iOS, and Windows Mobile
4- SMS and email tokens

• Wired/Wireless authentication using the 802. 1X standard
• Certificate management
• Captive portal guest management
• Fortinet Single Sign-On

How has it helped my organization?

Central management of user Identities and access

FortiAuthenticator extends two-factor authentication to multiple FortiGate appliances and to third-party solutions that support RADIUS or LDAP authentication

FortiAuthenticator can create, sign, and revoke X.509 certificates.

FortiAuthenticator can sign user certificate signing requests (CSRs) and distribute certificate revocation lists (CRLs) and CA certificates.

FortiAuthenticator verifies the identity of the external LDAP server by using a trusted CA certificate

FortiAuthenticator has expanded the capabilities of captive portal from credential authentication to include social WiFi authentication and MAC address authentication.

Social WiFi authentication allows FortiAuthenticator to utilize third-party user identity methods to authenticate users into a wireless guest network. Supported authentication methods include:Google+, Facebook, LinkedIn, Twitter which include SMS- and email-based authentication

Fortinet Single Sign-on (FSSO) enables FortiAuthenticator to leverage the existing network authentication systems for firewall authentication. (Windows Active Directory (AD) or Novell eDirectory)

What needs improvement?

1- Integration with different vendor firewalls (I tested only with Cisco using Cisco ASDM 6.3 (5) but i am not sure if it works with other vendor solutions)

2- A lot of configurations are available only from CLI

3- Documentation/videos for different implementation scenarios

For how long have I used the solution?

1 year

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

VM platfroms are scalable based on the business needs.

How are customer service and technical support?

Customer Service:

10/10

Technical Support:

9/10

Which solution did I use previously and why did I switch?

We used FortiGate to manage tokens and user identities but FortiAuthenticater includes more features.

How was the initial setup?

All Fortinet solutions are easy to implement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user685362 - PeerSpot reviewer
Pre-sales, Telecommunications & Security Specialist at a tech services company with 201-500 employees
Real User
It integrates very tightly with the rest of the Fortinet ecosystem. ​
Pros and Cons
  • "It integrates very tightly with the rest of the Fortinet ecosystem."
  • "A better integration with other vendors."

What is most valuable?

Integrated RADIUS server with 802.1x functionality and access control. Single Sign On and AD integration. It integrates very tightly with the rest of the Fortinet ecosystem.

How has it helped my organization?

It integrated with the existing Cisco wireless infrastructure to solidify the way people authenticate onto the network. It permitted having a centralized area to authenticate all users and enabled SSOimplementation.

What needs improvement?

A better integration with other vendors. The device is rich in features but there are a lot of functionalities I have still not experienced with.

For how long have I used the solution?

Two and a half years.

What do I think about the stability of the solution?

Overall not really, a few hiccups with the syncing with AD but nothing major.

What do I think about the scalability of the solution?

Not in my experience. The device can scale on a VM with an additional license. And there are boxes that can support thousands of users (which I have still not met).

How are customer service and technical support?

Very good. In our area we get support both in French and English and the response times are usually pretty decent.

Which solution did I use previously and why did I switch?

We are a Fortinet reseller and integrator so there were no "switches" per say.

How was the initial setup?

The setup process can be tedious.

What's my experience with pricing, setup cost, and licensing?

I would start off with a VM including the base license and scale according to the number of users you need to authenticate.

Which other solutions did I evaluate?

ClearPass by Aruba and ISE by Cisco are the two main competitors in this space. To me ClearPass seams to be the most feature-rich solution for the price and vendor neutral as is FortiAuthenticator.

What other advice do I have?

I strongly recommend someone accompany you in the initial deployment of the product to view all the functionalities that the platform is capable of doing.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
it_user660642 - PeerSpot reviewer
Pre-Sales Engineer at a tech services company with 11-50 employees
Real User
Some of the valuable features are user management and captive portal server.

What is most valuable?

  • User management with many credential sources: LDAPs, RADIUS, Social login, SAML, tokens, and local
  • Captive portal server: Used to configure several portals for each service
  • User friendly GUI with many features
  • Very powerful

How has it helped my organization?

We are now enjoying social login in public Wi-Fi environments with very easy deployment and a maximum level of security.

What needs improvement?

I would like to see support for more credential authentication protocols.

For how long have I used the solution?

I have used the product for six months.

What do I think about the stability of the solution?

I did not encounter any stability issues.

What do I think about the scalability of the solution?

I did not encounter any scalability issues.

How are customer service and technical support?

I would give technical support a rating of 10/10.

Which solution did I use previously and why did I switch?

We used FreeRADIUS. It had limited authentication protocols (only RADIUS), no GUI, and very complicated management.

How was the initial setup?

We enjoyed an easy deployment. There are many documents with guides and best practices.

What's my experience with pricing, setup cost, and licensing?

This solution comes with a low price for the features, power, and ease of licensing.

Which other solutions did I evaluate?

We looked at FreeRADIUS and Ciso ISE.

What other advice do I have?

This is a perfect solution for authentication services.

Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor of the product.
PeerSpot user
it_user607383 - PeerSpot reviewer
Network Security Engineer at a healthcare company with 501-1,000 employees
Vendor
Helps us control security settings. Allows us to add and monitor users.

What is most valuable?

The valuable features are the granularity of the security settings and the relative ease of adding users. It also makes it really nice and easy to remove access from users that have left us or who are doing things they shouldn’t be doing.

How has it helped my organization?

It made things much easier for dealing with users BYOD for our secured wireless networks. We also use this in conjunction with an MDM solution. It makes a nice package that is easy for our end-users and is very secure.

What needs improvement?

The interface is a bit misleading in areas. Finding some settings can be a bit confusing and difficult. I would also like to see a few more real world examples given in the setup section.

For how long have I used the solution?

We have used this solution for one and a half years.

What do I think about the stability of the solution?

We did not have any stability issues. This runs on our VMware environment and we have never had an issue with stability.

What do I think about the scalability of the solution?

As this is a virtual device, we had no scalability issues. If we need more users, we just add more licenses. This makes it nice as there is no physical appliance to outgrow.

How was the initial setup?

Configuration of the virtual device was very straightforward.

The configuration of the settings in the authenticator was a bit more confusing. We did have to contact support a few times to work through some configuration issues. They also helped us set up some configurations for the active directory and our local certificate servers.

What's my experience with pricing, setup cost, and licensing?

The price was very reasonable given what it can do.  Licensing was also very reasonable.

Just make sure you do an accurate count of what you will need for licenses. If you run out of licenses, no additional users will be able to authenticate through this device.

What other advice do I have?

Planning is the key to a successful implementation. Know what you want to accomplish out of the gate before you get started. Make sure you test before rolling out to end users. Due to really tight timelines, we missed a couple of key settings and configurations.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user589359 - PeerSpot reviewer
Senior Consultant at a tech company with 1,001-5,000 employees
MSP
It has its own hardware and software token for two-factor authentication. Some of the settings are difficult to access.

What is most valuable?

One of the most valuable features is the simple FSSO (Fortinet Single Sign-On) configuration that helps to manage user-based security rules.

It is a cool security product. It's easy to use, implement and maintain, but there is room for improvement.

How has it helped my organization?

When we came across access management, we required several technical features to help manage user access to critical systems and remote access. That’s why we always go for a SSO two-factor authentication server. FortiAuthenticator is a bundle of these features. It has its own hardware and software token for two-factor authentication. It supports single sign-on and seamless integration with user-based web filtering, without any prior authentication. It can act as a Radius server to support other systems for Radius authentication. One of the common practices is using FortiAuthenticator with Dot1.X network access control.

What needs improvement?

The GUI is not fancy enough and some of the settings are difficult to access.

Part of the configuration has to be done by CLI, which is not friendly for security administrators.

Integration with other firewalls may not be as good as expected.

For how long have I used the solution?

I have used it for two years, mostly implementation for clients.

What do I think about the stability of the solution?

No stability issues so far, as long as the number of users is not too large.

What do I think about the scalability of the solution?

No issues for scalability: It is easy to add new resources as we deploy virtual machines.

How are customer service and technical support?

FortiCare can provide prompt replies. They have basic knowledge on every single product in the Fortinet family. They have a standard protocol to response to support cases which is great. They are willing to accept RMA for technical difficulties that cannot be solved in a short period of time.

Which solution did I use previously and why did I switch?

I have tried Cisco ISE as a NAC solution. Cisco ISE is the "Terminator" of NAC solutions, which has numerous features to prevent unauthorized access. However, its integration with FortiGate firewall is not great. When I use the SSLVPN service from FortiGate, it fails to authenticate with two-factor authentication. For this, using FortiAnthenticator would be a good choice for its genuine integration.

What about the implementation team?

It is quite straightforward to set up the FortiAuthenticator. We mainly deploy as a virtual machine. An OVF file is provided by Fortinet and you just simply compile the file in the VMware environment. Upon simple configuration, such as IP address and default gateway, you can access the web GUI and do any configuration, as you like.

What's my experience with pricing, setup cost, and licensing?

Licensing is straightforward, as Fortinet provides stackable licenses for FortiAuthenicator. Count the number of users and select sufficient licenses. Pricing is acceptable; much cheaper than Cisco ISE.

Which other solutions did I evaluate?

I have tried Cisco ISE. For state-of-the-art features, I would recommend Cisco ISE because of its brilliant features. But I would recommend FortiAuthenticator, if you are currently using FortiGate firewall and you seek a well-suited, complimentary NAC solution.

What other advice do I have?

The need for a NAC solution depends on your infrastructure. If you are a Fortinet user, FortiAuthenticator would be a nice choice to enhance security on VPN and web access. However, there are many other choices, such as ForeScout, which is vendor-neutral, to support different systems from different vendors.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Senior IT Support Engineer at a marketing services firm with 501-1,000 employees
Vendor
Provides two-factor authentication and integration with our other FortiGates.

What is most valuable?

The valuable features are:

  • Two-factor authentication
  • User ID with our LDAP service
  • Integration with our other FortiGates

How has it helped my organization?

By using one of our units as a load-balancing slave, we were able to roll out location-based VPNs that created quicker connections to local servers for our end users. Furthermore, incorporating a LBS unit has provided preventative measures and ensured that our remote users can still connect if a failure occurs on our master authentication unit.

What needs improvement?

It was initially difficult to sync our high availability, load-balancing slave (LBS) to our master unit. There were some initial issues connecting it and syncing with our master FortiAuthenticator unit. After reaching out to Fortinet support, it turned out that the unit needed a software update.

I would like to see the following:

  • Creating an easier implementation of software patches.
  • Designing the admin profiles to sync across, instead of having to recreate them. (I see how this could be problematic with security measures.)

For how long have I used the solution?

We've been using our master unit for about a year and our LBS for about six months.

What do I think about the stability of the solution?

We had some stability issues. Our first LBS unit wouldn't work properly the first time and that wasted a lot of time. Eventually, it died and we had to RMA the unit.

What do I think about the scalability of the solution?

We didn't have any issues with scalability.

How are customer service and technical support?

The technical support we received from Fortinet was responsive. When we experienced problems, they were able to fix our issues.

Which solution did I use previously and why did I switch?

Before implementing our FortiAuthenticators, we used our main FortiGate as a way to push out two-factor codes to our users. After a while, this option was not working. As we continued to grow, we needed something more substantial and manageable.

How was the initial setup?

The initial setup was somewhat difficult in syncing our LDAP service to our main FortiGate.

Which other solutions did I evaluate?

Before using the FortiAuthenticator, we pushed out tokens via our main FortiGate.

What other advice do I have?

If you want a more efficient way to manage two-factor authentication for your users, or implement the unit as a cluster member role, the FortiAuthenticator can be incorporated very well into your environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Fortinet FortiAuthenticator Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2022
Buyer's Guide
Download our free Fortinet FortiAuthenticator Report and get advice and tips from experienced pros sharing their opinions.