Supported features

The following list contains features available in FortiPAM 1.0.0:

  1. Support for multiple types of secrets:
    1. Linux, Windows and Windows AD, and macOS servers.
    2. Network devices, such as Cisco IOS, Fortinet products, Juniper, etc.
    3. Typical web accounts such as AWS, vSphere, FortiOS, etc.
    4. More secrets can be supported by customized launchers and password changers.
  2. Customer secret protection:
    1. Automatic blocking of dangerous commands with SSH filtering profiles.
    2. Logging of all shell commands running on SSH secrets.
    3. Automatic password delivery for the Linux root password or Cisco enable password to protect sensitive information from end users.
    4. Users can use the Associated Secret option to switch from a regular user to the root user on Linux, or from normal user mode to enable mode on Cisco routers.
    5. Strong SSH encryption algorithm.
    6. Keyboard-interactive authentication for SSH.
    7. AntiVirus scanning for web-based file transfer and SCP-based file transfer.
    8. Data Leak Prevention safeguards digital assets by defining DLP sensors based on file types, size, or watermarks (only available with CLI).
    9. Block RDP clipboard to prevent data leakage.
    10. Advanced RDP authentication protocols, including CredSSP, TLS.
    11. Access approval and batch script approval for sensitive targets.
    12. Implements check-out/check-in to avoid simultaneous access to a single secret by multiple users.
    13. ZTNA tag controls for secret launches.
    14. Tunnel Encryption option to improve low-security protocol connections (e.g. VNC) and traverse third-party firewall devices.
  3. Integration with customer’s installed authentication systems using protocols such as RADIUS, LDAP, and SAML.
  4. High security protection for FortiPAM login, including:
    1. Two-Factor authentication for local and remote users.
    2. IP-based access control.
    3. Schedule-based access control.
    4. ZTNA device tag-based FortiPAM server access control.
  5. Flexible system access control and secret permission control, including:
    1. Role-based access control.
    2. User and group-based secret permission control.
    3. Device tag-based secret permission control.
  6. Flexible options for connecting to secrets from various operating systems:
    1. Multiple client operating systems are supported: Windows 10, Windows 11, Linux, and macOS.
    2. Native program launching with FortiClient: PuTTY, Windows RDP, VNC Viewer, TightVNC, WinSCP.
    3. Browser-based access to SSH, RDP, VNC, SFTP, and SMBA servers.
    4. Use of a customized Windows program to connect to the target server.
  7. Full surveillance features to monitor all activities on secrets and FortiPAM:
    1. Monitor user login sessions and terminate suspicious user login sessions in real time. Supports disabling users.
    2. Monitor secret connection sessions and disconnect any suspicious connection in real time.
  8. Automated password changing:
    1. Scheduled password (key) changing.
    2. Auto password (key) change after secret check-in.
    3. Password complexity policy.
    4. Secret credential history.
  9. Easy system maintenance:
    1. Automatic configuration backups to FTP, SFTP, HTTP, or HTTPS servers.
  10. Simpler secret management with Folders:
    1. Folders to organize secrets by region, office, and type.
    2. Folder-based permission control.
    3. Policy-based setting to simplify secret configuration.
  11. Administrators can access all the secrets in emergency situations with Glass Breaking mode.
  12. Users can access servers by internal IP or internal FQDN with proxy mode.
  13. Full audit and reporting features help customers perform log auditing and behavior analysis:
    1. Audit user login activities.
    2. Audit user SSH command history.
    3. Audit user activity with recorded video.
    4. Rich user activity statistics report.
  14. High Availability ensures the system is highly available to minimize downtime.
  15. Geo-redundant Disaster Recovery ensures data availability and protection in the event of a disaster by providing disaster recovery capabilities.
  16. TPM or vTPM protects user private keys.
  17. RAID support enhances data protection through redundancy and expands storage capacity.
