FortiAuthenticator Agent for Microsoft Windows is a credential provider plug-in that enhances the Windows login process with a one time password, validated by FortiAuthenticator.
When configuring two-factor authentication in the FortiAuthenticator Agent for Microsoft Windows, you can select a Default Domain at Logon Screen. The options are None, Most Recent, and a populated list of available domains (also configurable).
This is particularly useful for environments that have a single domain (where previously, the user had to manually pick a domain from a dropdown every single login, even in single-domain environments).
Customers with a load-balancing HA configuration can configure the FortiAuthenticator Agent for Microsoft Windows to try to reach the secondary FortiAuthenticator if the primary is unreachable, with retries occurring in the same order (in round-robin fashion).
You can view the time remaining for offline token validation when logging in using the FortiAuthenticator Agent for Microsoft Windows.
For all tokens, FortiAuthenticator downloads enough offline tokens for the configured cache size plus the authentication window size (so if the HOTP cache = 50 and the HOTP window = 10, you initially have 60 tokens remaining; when tokens are displayed but not submitted to FortiAuthenticator, this ends up as fewer than 60 authentication attempts).
All network communications take place over TLS 1.2. As a result, the minimum required version of the .NET Framework is 4.6.0. The FortiAuthenticator Agent for Microsoft Windows installer will offer to install TLS 1.2 when it is necessary.