Fortinet FortiTrust Identity as-a-Service
Centrally manage multi-factor authentication (MFA) for FortiGate next-generation firewalls

Features & Benefits:

Centralized Authentication and Authorization Services

Ensure the right people get appropriate access to your data, resources, and applications across the enterprise

Identity and Multifactor Authentication Management

Increase certainty of user identity with the verification of another factor and adaptive authentication technique

Single Sign-on (SSO) for Cloud Applications and On-Prem Services

Fortinet SSO including modern authentication protocols federating identity for SSO (SAML, oAuth/OIDC, and API support)

Guest, BYOD, and Certificate Management

Customizable portals including self-service capabilities

Simplify Deployment and Identity Access Management

Natively integrated with Fortinet Security Fabric, no additional onsite hardware, software or ACL changes required for hybrid IT environment

Integration with Secure Directories, and Interoperable with External Cloud Identity Proiders (IDPS)

Leverage existing identity systems of record on-premises or in the cloud

Capabilities:

Highly Available Identity-as-a-Service

• Hosted in Fortinet Data Center
• 24/7 Monitoring

Authentication Service

The authentication service built into FortiTrust Identity provides authentication for employees, partners, and contractors via our access identification and verification methods, including our IdP broker/proxy capability that works seamlessly with external IdPs. With FortiTrust Identity, organizations can consolidate several methods into one experience with a single view of managing identity. FortiTrust Identity supports industry authentication and authorization standards:

• Cloud/web types: SAML, OAuth2, and OIDC
• MFA or strong authentication: OTP, email, SMS (OTP), and FIDO2 security with a variety of hardware form factors and mobile apps. Organizations can choose a factor (or factors) that best fits their environment. Specifically, organizations can secure cross-platform token transfer with the mobile apps for their iOS and Android devices
• Adaptive authentication uses the information gathered at a login attempt to evaluate the circumstantial risks of a given login attempt. This information includes time of day, geo-location, historical usage pattern, etc. The second authentication factor is only requested when that risk is higher than a predetermined threshold. Furthermore, the login attempt can be blocked if the circumstantial risk is high enough

SSO

• SSO simplifies the end-user experience and reduces the need for repeated authentications to gain secure access across enterprise applications and services

Interoperability

• FortiTrust Identity provides IdP broker/proxy capability outof-the-box for organizations that have identities managed across multiple external IdPs. This provides a centralized authentication service across these external IdPs, enabling organizations to have a uniform policy and MFA method independent from external IdPs

Integration

• Integration natively with Fortinet Security Fabric, specifically with FortiGate, extends authentication services for secure user access to on-premises resources. No additional gateway or software agents are required to purchase, install, and maintain

Certificate Management

• Streamlined certificate management enables rapid, costeffective deployment of certificates

Specifications:

Documentation:

Download the FortiTrust Identity Data Sheet (PDF).

Download the Ordering Guide (.pdf).