Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

FortiAuthenticator 6.3.1

The following list contains new and expanded features added in FortiAuthenticator 6.3.1.

Self-Service Portal: FSSO support

FortiAuthenticator now allows you to set up an FSSO portal login page independent of the admin GUI login page using the self-service portal.

Go to the Portal Services tab in Fortinet SSO Methods > SSO to specify self-service portals used to create an FSSO session on successful end-user login. The FSSO session is removed when this end-user logs out. See Portal services.

Once the end-user is successfully authenticated, and given that the original request to the self-service portal contains the user_continue_url HTTP parameter with a valid URL, then the self-service portal redirects the end-user's browser to the URL specified in user_continue_url instead of the self-service portal's post-login menu page.

Customizable login and logout replacement messages are already available in Authentication > Portals > Replacement Messages.

TACACS+: PAP support

TACACS+ on FortiAuthenticator now supports the PAP authentication type. See Adding clients.

Remote LDAP user synchronization rules support multiple certificate bindings

FortiAuthenticator now supports remote LDAP user synchronization rules where you can create or update user accounts with multiple certificate bindings. All certificate bindings use the same Common Name but different CAs.

Certificate binding CA dropdown available when creating or editing a remote LDAP user synchronization rule in Authentication > User Management > Remote User Sync Rules now allows selecting multiple CA certificates. See Remote user sync rules.

Inbound proxy settings for source address detection

FortiAuthenticator now allows the administrator to specify which HTTP header(s) may or may not be used to retrieve the source IP address of an HTTP request.

The Edit System Access Settings page in System > Administration > System Access has a new Inbound Proxy pane with related settings. See System access.

FortiAuthenticator 6.3.1

The following list contains new and expanded features added in FortiAuthenticator 6.3.1.

Self-Service Portal: FSSO support

FortiAuthenticator now allows you to set up an FSSO portal login page independent of the admin GUI login page using the self-service portal.

Go to the Portal Services tab in Fortinet SSO Methods > SSO to specify self-service portals used to create an FSSO session on successful end-user login. The FSSO session is removed when this end-user logs out. See Portal services.

Once the end-user is successfully authenticated, and given that the original request to the self-service portal contains the user_continue_url HTTP parameter with a valid URL, then the self-service portal redirects the end-user's browser to the URL specified in user_continue_url instead of the self-service portal's post-login menu page.

Customizable login and logout replacement messages are already available in Authentication > Portals > Replacement Messages.

TACACS+: PAP support

TACACS+ on FortiAuthenticator now supports the PAP authentication type. See Adding clients.

Remote LDAP user synchronization rules support multiple certificate bindings

FortiAuthenticator now supports remote LDAP user synchronization rules where you can create or update user accounts with multiple certificate bindings. All certificate bindings use the same Common Name but different CAs.

Certificate binding CA dropdown available when creating or editing a remote LDAP user synchronization rule in Authentication > User Management > Remote User Sync Rules now allows selecting multiple CA certificates. See Remote user sync rules.

Inbound proxy settings for source address detection

FortiAuthenticator now allows the administrator to specify which HTTP header(s) may or may not be used to retrieve the source IP address of an HTTP request.

The Edit System Access Settings page in System > Administration > System Access has a new Inbound Proxy pane with related settings. See System access.