The following list contains new and expanded features added in FortiAuthenticator 6.0.1.
FortiAuthenticator adds support for token-based authentication through the FortiToken Cloud service. This service offers centralized and simplified management of two-factor tokens. You will be able to use this feature when the FortiToken Cloud service provides support for FortiAuthenticator.
When configuring a guest portal, you have the option to automatically log new users into the guest network after they successfully register.
FortiAuthenticator can be configured to communicate with a remote LDAP server over TLS, using a client certificate to authenticate the TLS connection. This is useful in cases where you want to connect FortiAuthenticator as an LDAP client to secure LDAP services, such as the one offered by G Suite.
The SAML IdP feature includes a few customization enhancements. You can:
- use different IdP-signing certificates for each Service Provider (SP). This can be useful when renewing a certificate before expiry, allowing staged updates of the various SPs.
- specify up to three alternative ACS login URLs for each SP.
- customize the replacement message for the SAML IdP Request Expired page. This page appears when the SP request expires due to the end-user waiting too long on the SAML IdP login page before proceeding with the login.
You can now define a node-specific default gateway for the FortiAuthenticator device if it differs from the default gateway of the other HA cluster member. To add the default gateway go so System > Administration > High Availability or use the following CLI command:
configure system ha
set ns-gw <gateway>
When configuring the general user account policy settings, you have the option to automatically purge disabled user accounts on an hourly basis.
The /oauth/verify_token/ endpoint now returns the username associated to the valid OAuth token.