Supported features
The following list contains features available in FortiPAM 1.0.0:
- Support for multiple types of secrets:
- Linux, Windows and Windows AD, and macOS servers.
- Network devices, such as Cisco IOS, Fortinet products, Juniper, etc.
- Typical web accounts, such as AWS, vSphere, FortiOS, etc.
- More secrets can be supported by customized launchers and password changers.
- Customer secret protection:
- Automatic blocking of dangerous commands with SSH filtering profiles.
- Logging of all shell commands running on SSH secrets.
- Auto password delivery for Linux root password or Cisco enabled password to protect sensitive information from end users.
- Users can use the Associated Secret option to switch from a regular user to the root user on Linux, or from normal user mode to enable mode on Cisco routers.
- Strong SSH encryption algorithm.
- Keyboard-interactive authentication for SSH.
- AntiVirus scanning for web-based file transfer and SCP-based file transfer.
- Data Leak Prevention safeguards digital assets by defining DLP sensors based on file types, size, or watermarks (only available with CLI).
- Block RDP clipboard to prevent data leakage.
- Advanced RDP authentication protocols, including CredSSP and TLS.
- Access approval and batch script approval for sensitive targets.
- Implements check-out/check-in to avoid simultaneous access to a single secret by multiple users.
- ZTNA tag controls for secret launches.
- Tunnel Encryption option to improve low-security protocol connections (e.g. VNC) and traverse third-party firewall devices.
- Integration with customer’s installed authentication systems using protocols such as RADIUS, LDAP, and SAML.
- High security protection for FortiPAM login, including:
- Two-Factor authentication for local and remote users.
- IP-based access control.
- Schedule-based access control.
- ZTNA device tag-based FortiPAM server access control.
- Flexible system access control and secret permission control, including:
- Role-based access control.
- User and group-based secret permission control.
- Device tag-based secret permission control.
- Flexible options for connecting to secrets from various operating systems:
- Multiple client operating systems are supported: Windows 10, Windows 11, Linux, and macOS.
- Native program launching with FortiClient: PuTTY, Windows RDP, VNC Viewer, TightVNC, WinSCP.
- Browser-based access to SSH, RDP, VNC, SFTP, and SMBA servers.
- Use of a customized Windows program to connect to the target server.
- Full surveillance features to monitor all activities on secrets and FortiPAM:
- Monitor user login sessions and terminate suspicious user login sessions in real time. Supports disabling users.
- Monitor secret connection sessions and disconnect any suspicious connection in real time.
- Automated password changing:
- Scheduled password (key) changing.
- Auto password (key) change after secret check-in.
- Password complexity policy.
- Secret credential history.
- Easy system maintenance:
- Automatic configuration backups to FTP, SFTP, HTTP, or HTTPS servers.
- Simpler secret management with Folders:
- Folders to organize secrets by region, office, and type.
- Folder-based permission control.
- Policy-based setting to simplify secret configuration.
- Administrators can access all the secrets in emergency situations with Glass Breaking mode.
- Users can access servers by internal IP or internal FQDN with proxy mode.
- Full audit and reporting features help customers perform log audits and behavior analysis:
- Audit user login activities.
- Audit user SSH command history.
- Audit user activity with recorded video.
- Rich user activity statistics report.
- High Availability ensures the system is highly available to minimize downtime.
- Geo-redundant Disaster Recovery ensures data availability and protection in the event of a disaster by providing disaster recovery capabilities.
- TPM or vTPM protects user private keys.
- RAID support enhances data protection through redundancy and expands storage capacity.