Tag Archives: fortiauthenticator admin guide

What’s new in FortiAuthenticator 4.0

What’s new in FortiAuthenticator 4.0

FortiAuthenticator 4.0 includes a host of new and expanded features designed to make it more robust and versatile than ever before, while maintaining ease of use.

New features include:

  • Captive portal guest management – Social and MAC address authentication

Social Wifi authentication allows FortiAuthenticator to utilize third-party user identity methods to authenticate users into a wireless guest network. Supported authentication methods include:

  • Google + l Facebook l LinkedIn l Twitter l Form based authentication (similar to the existing self-registration feature) l SMS based authentication l Email-based authentication
  • MAC address authentication

For more details, see Captive portal on page 80.

  • New SNMP event

A new event (trap) has been added to the SNMP community configuration settings: “HA status is changed.” For more details, see Administration on page 33. l Add Riverbed RADIUS VSAs

The Riverbed RADIUS dictionary has been added to the RADIUS engine to allow Riverbed vendor attributes to be used in Authentication.

  • Role based administration
    • new feature that allows FortiAuthenticator to create and edit admin profiles (similar to FortiOS). Each administrator can be granted either full permissions or an admin profile, and they can be granted read-only or read/write permissions sets. For more details, see Administration on page 33
  • Bulk purge inactive users menu

New options are now available for bulk purging inactive user accounts. For more details, see User management on page 57.

  • Allow expired FTM reactivation
    • new feature that enhances the FTM activation flow allows administrators to see more quickly why a user cannot authenticate using a FortiToken if their pre-configured timeout period expired. For more details, see FortiToken devices and mobile apps on page 72.
  • Remote LDAP password change

What’s new in FortiAuthenticator 4.0

A new feature that — through the use of Windows AD — allows users to change their passwords without provision changes being made to the network by a system administrator. For more details, see Remote authentication servers on page 88

  • RADIUS sub auth client profiles
    • new feature that allows you to assign attributes to RADIUS Auth Client profiles, so that they are more distinguishable for FortiAuthenticator even if the authentication requests may originate from the same IP address. For more details, see RADIUS service on page 91.
  • Windows FAC agent – group/OU exemptions
    • new feature that exempts users from two-factor authentication using AD container filtering has been added to the FortiAuthenticator Agent for Microsoft Windows, and for OWA users. Users who are members of an exempt groups and the users located under an exempt AD container are only required to provide a password to authenticate, i.e. no FortiToken code. For more details, see FortiAuthenticator Agents on page 100. l SSO filtering options expansion

New object types have been added to the group filtering function. For more details, see FortiGate group filtering on page 120

  • SSO – include username with “$”

FortiAuthenticator now includes usernames containing the “$” character in its SSO feature. For more details, see General settings on page 106.

  • DC/TS agent monitoring
    • new subsection of Monitoring which displays information on the server’s Domain Controller (DC) and Terminal Server (TS) Agents, found at SSO Monitor> SSO > DC/TS Agents. For more details, see SSO on page 129.