Fortinet FortiTrust Identity as-a-Service
Centrally manage multi-factor authentication (MFA) for FortiGate next-generation firewalls

Overview:

FortiTrust Identity (FTI) is cloud-based and natively integrated with the Fortinet Security Fabric to deliver a rich set of security controls and centralized management of user authentications, including multi-factor authentication. FTI enables you to begin your zero-trust journey with reliable user verification and strong authentication, plus ease-of-use for the end user. Adaptive, multi-factor, or passwordless authentication and identity federation for SSO across the enterprise hybrid environment are all included via user-based licensing.

Identity and Access Management Solution

Concerns about security, end-user experience, and the overall cost of a unified IAM (Identity and Access Management) solution are rising as enterprises embrace digital business initiatives—including work-from-anywhere for their workforce. FortiTrust Identity is a cloud-delivered IAM solution that uses modern authentication technologies while leveraging existing network infrastructure to enable organizations to secure user access to cloud and on-premises applications and services.

 

Learn More about:

FortiTrust ZTNA FortiTrust SASE

Features & Benefits:

Capabilities:

Highly Available Identity-as-a-Service

• Hosted in Fortinet Data Center
• 24/7 Monitoring

Authentication Service

The authentication service built into FortiTrust Identity provides authentication for employees, partners, and contractors via our access identification and verification methods, including our IdP broker/proxy capability that works seamlessly with external IdPs. With FortiTrust Identity, organizations can consolidate several methods into one experience with a single view of managing identity. FortiTrust Identity supports industry authentication and authorization standards:

• Cloud/web types: SAML, OAuth2, and OIDC
• MFA or strong authentication: OTP, email, SMS (OTP), and FIDO2 security with a variety of hardware form factors and mobile apps. Organizations can choose a factor (or factors) that best fits their environment. Specifically, organizations can secure cross-platform token transfer with the mobile apps for their iOS and Android devices
• Adaptive authentication uses the information gathered at a login attempt to evaluate the circumstantial risks of a given login attempt. This information includes time of day, geo-location, historical usage pattern, etc. The second authentication factor is only requested when that risk is higher than a predetermined threshold. Furthermore, the login attempt can be blocked if the circumstantial risk is high enough

SSO

• SSO simplifies the end-user experience and reduces the need for repeated authentications to gain secure access across enterprise applications and services

Interoperability

• FortiTrust Identity provides IdP broker/proxy capability outof-the-box for organizations that have identities managed across multiple external IdPs. This provides a centralized authentication service across these external IdPs, enabling organizations to have a uniform policy and MFA method independent from external IdPs

Integration

• Integration natively with Fortinet Security Fabric, specifically with FortiGate, extends authentication services for secure user access to on-premises resources. No additional gateway or software agents are required to purchase, install, and maintain

Certificate Management

• Streamlined certificate management enables rapid, costeffective deployment of certificates

Specifications:

Identity
Highly Available Secure Managed Service	Hosted in Fortinet Data Center 24/7 monitoring Realm support to effectively allocate resources and better manage end users Support for multiple MFA options: FortiToken Mobile, email, SMS
FortiToken Mobile Push	Login details pushed to phone for one-tap approval View login details and approve or deny with one tap Available on iPhone and Android platforms Simple app install and activation
MFA Service Integrated with FortiGate and Other Fortinet Products	Protect local and remote FortiGate admin, firewall, and VPN users Open API to use with any web-based application Integration with FortiGate, FortiAuthenticator, FortiSandbox, and FortiADC out of the box No additional hardware or software to purchase, install, and maintain Add users directly from FortiGate Remote FortiGate user support
FortiToken Mobile Token Codes	One-time token codes generated by mobile application Support for iPhone, Android, Windows Universal Platform, and Windows platforms Operates without cell service or Wi-Fi connection Secure cross-platform token transfer for iOS and Android devices

 

Documentation:

Download the Fortinet FortiTrust Identity Datasheet (PDF).

Download the Ordering Guide (.pdf).