![]() ![]() Select the authentication type the FortiAuthenticator requires. Click Create New > RADIUS in the toolbar.Įnter a name to identify the FortiAuthenticator.Įnter the IP address or fully qualified domain name of your FortiAuthenticator.Įnter the IP address or fully qualified domain name of the secondary FortiAuthenticator, if applicable.Įnter the secondary FortiAuthenticator secret, if applicable.Įnter the port for FortiAuthenticator traffic.Go to System Settings > Admin > Remote Authentication Server.On the FortiAnalyzer, you need to configure the RADIUS server and create an administrator that uses the RADIUS server for authentication. Select to check machine based authentication and apply groups based on the success or failure of the authentication. Select Enforce two-factorauthentication from the list of options. Select to apply the profile based on RADIUS attributes. See the FortiAuthenticator Administration Guide.Įnter an optional description for the RADIUS client entry.Īpply this profile based on RADIUS attributes This value must match the FortiAnalyzer RADIUS server setting at System Settings > Admin > Remote Authentication Server. Go to Authentication > RADIUS Service > Clients.Įnter a name for the RADIUS client entry.Įnter the IP address or Fully Qualified Domain Name (FQDN) of theĮnter the server secret.This option is only available when Role is User. This option is only available when Role is Administrator. Select to restrict admin login from trusted management subnets only, then enter the trusted subnets in the table. Restrict admin login from trusted management subnets only Select to allow Web service, which allows the administrator to access the web service via a REST API or by using a client application. Select to allow Full Permission, otherwise select the admin profiles to apply to the user. Select to deliver token by FortiToken, email, or SMS. Select to enable token-based authentication. Select to change the password for this local user. Configure the following settings, then click OK.Click OK to continue to the Change local user.For more information see the FortiAuthenticator Administration Guide. Optionally, select to enable account expiration. The password must be a minimum of 8 characters. Select Specify a password from the dropdown list.Įnter a password. ![]() Go to Authentication > UserManagement > Local Users.On the FortiAuthenticator, you must create a local user and a RADIUS client.īefore proceeding, ensure you have configured your FortiAuthenticator, created a NAS entry for your FortiAnalyzer, and created or imported FortiTokens.įor more information, see the Two-FactorAuthenticatorInteroperability Guide and FortiAuthenticator Administration Guide in the Fortinet Document Library. L FortiAnalyzer l FortiAuthenticator l FortiToken Configuring FortiAuthenticator To configure two-factor authentication for administrators you will need the following: ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |