Administration Guide

FortiAuthenticator 6.4.5

The following list contains new and expanded features added in FortiAuthenticator 6.4.5.

FSSO: Zero trust tunnel related improvements

When a remote LDAP server is configured with zero trust tunnel enabled (see LDAP), FSSO communications to the AD servers go through a zero trust tunnel, including:

  • LDAP binds/queries for domain servers auto-discovery

  • LDAP binds/queries for group lookups

FortiAuthenticator now accepts DC agent connections over TLS. In Fortinet SSO Methods > SSO > General, the Require authentication for TS agents (disables DC agent support) option under Enable DC/TS Agent Clients has been renamed to Require encryption for DC/TS agents. See General settings.

See Adding FortiAuthenticator to your network and the Ports and Protocols document on the Fortinet Docs Library.

FortiAuthenticator now offers a server-side TLS support option so that FortiGate as an FSSO client can be configured to connect to FortiAuthenticator over a TLS connection.

A new Enable encryption toggle is available in the FortiGate pane in Fortinet SSO Methods > SSO > General. See General settings.

SAML SP/IdP Proxy: Enforce MFA

FortiAuthenticator can now enforce MFA on remote SAML IdP servers.

FortiAuthenticator now offers a new MFA (https://refeds.org/profile/mfa) authentication context value when creating or editing a remote SAML authentication server in Authentication > Remote Auth. Servers > SAML. See SAML.
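
As an added illustration (not Fortinet code and not part of this guide), the sketch below shows what enforcing the REFEDS MFA context involves at the SAML level on a service provider: requesting `https://refeds.org/profile/mfa` in the AuthnRequest and rejecting any response whose AuthnStatement does not assert it. The function names and sample responses are constructed for the example, and it assumes the response signature has already been validated.

```python
import xml.etree.ElementTree as ET

REFEDS_MFA = "https://refeds.org/profile/mfa"  # context value named on this page
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def build_requested_authn_context(class_ref=REFEDS_MFA):
    """RequestedAuthnContext element an SP embeds in its AuthnRequest."""
    rac = ET.Element("{%s}RequestedAuthnContext" % NS["samlp"],
                     {"Comparison": "exact"})
    ref = ET.SubElement(rac, "{%s}AuthnContextClassRef" % NS["saml"])
    ref.text = class_ref
    return ET.tostring(rac, encoding="unicode")

def asserted_contexts(response_xml):
    """AuthnContextClassRef values asserted by the IdP in a SAML Response.
    Assumption: signature and conditions were already checked by the caller.
    On untrusted input, prefer a hardened XML parser over plain ElementTree."""
    root = ET.fromstring(response_xml)
    path = ("saml:Assertion/saml:AuthnStatement/"
            "saml:AuthnContext/saml:AuthnContextClassRef")
    return [(e.text or "").strip() for e in root.findall(path, NS)]

def mfa_satisfied(response_xml, required=REFEDS_MFA):
    """Fail closed: at least one AuthnStatement, and every one asserts MFA."""
    refs = asserted_contexts(response_xml)
    return bool(refs) and all(r == required for r in refs)

def _sample_response(class_ref):
    """Constructed, unsigned Response skeleton for demonstration only."""
    stmt = ""
    if class_ref:
        stmt = ("<saml:AuthnStatement><saml:AuthnContext>"
                "<saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>"
                "</saml:AuthnContext></saml:AuthnStatement>" % class_ref)
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">'
            "<saml:Assertion>%s</saml:Assertion></samlp:Response>"
            % (NS["samlp"], NS["saml"], stmt))

MFA_RESPONSE = _sample_response(REFEDS_MFA)
PASSWORD_RESPONSE = _sample_response(
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
NO_STATEMENT_RESPONSE = _sample_response(None)

if __name__ == "__main__":
    print(build_requested_authn_context())
    for name in ("MFA_RESPONSE", "PASSWORD_RESPONSE", "NO_STATEMENT_RESPONSE"):
        print(name, mfa_satisfied(globals()[name]))
```

A response that omits the AuthnStatement, or carries an encrypted assertion this sketch cannot read, is rejected rather than accepted.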

Remote authentication: Restrict authentication to only imported user accounts

When configuring a realm in Authentication > User Management > Realms, FortiAuthenticator now offers a new Restrict authentication to imported user account only option, which enables or disables authentication of remote users who do not have an imported account on FortiAuthenticator. See Realms.
