Fortinet FortiAuthenticator
FortiAuthenticator acts as the identity hub in Fortinet’s Security Fabric. It authenticates users from internal or external directories, issues tokens and certificates, and federates identity to applications via SAML 2.0. It is commonly deployed to provide MFA, captive portal sign-ins, and certificate-based access for VPN, wireless, and web applications.
Key Capabilities
- Centralized authentication: Consolidates credentials across RADIUS, LDAP, and AD; can issue X.509 certificates to users and devices for VPN and 802.1X authentication.
- SAML 2.0 federation: Functions as a SAML Identity Provider for SSO to SaaS and internal web apps.
- Integrated MFA: Works with FortiToken (mobile/hardware OTP) and FortiClient for second-factor authentication (push, TOTP, or hardware tokens).
- Certificate authority: Issues and manages client certificates for user and device identity within the Fortinet ecosystem.
Limitations
- Protocol scope: Supports SAML 2.0 for web SSO but does not act as an OpenID Connect or OAuth 2.0 provider.
- On-premises deployment: Delivered as hardware or VM; customers must manage HA, certificates, and backups with no SaaS edition.
- Fortinet-centric optimization: Deepest integrations are within Fortinet products (FortiGate, FortiClient, FortiToken); SSO to non-Fortinet apps may require manual SAML configuration.
- IGA/provisioning: Focused on authentication and federation; it lacks user lifecycle automation (no SCIM provisioning).