who has submitted proof of reference, along with an online application form. FAC_VM-vxxx-build0xxx-FORTINET.out: FortiAuthenticator-VM.ovf: Open Virtualization Format file for VMware. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates, and is used herein with permission. FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including single sign on services, certificate management, and guest management. Fortinet Single Sign-On describes how to use the FortiAuthenticator unit in a Single Sign On (SSO) environment. Fortinet has been named a Visionary in the 2022 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP). Map the User, Org, and Role in the IDPPortal to the User, Org, and Role in FortiSIEM. The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Otherwise, select None. The name must match exactly, including case-sensitivity. FortiAuthenticator is the gatekeeper of authorization into the Fortinet secured enterprise network identifying users, querying access permissions from third party systems, and communicating this information to FortiGate devices for use in Identity-Based Policies. IAM Products | Identity and Access Management Solutions | Fortinet Use FortiAuthenticator in combination with FortiClient SSO mobility agent Use FortiClient EMS tags to block clients having critical vulnerabilities We have been using the FortiAuthenticator integration for a long time and this is working fine. Fortinet Achieves a 99.88% Security Effectiveness Score in 2023 CyberRatings, 2022 Gartner Magic Quadrant for Endpoint Protection Platforms, Fortinet Named a Challenger in the 2022 Gartner Magic Quadrant for SIEM, 2023 State of Operational Technology and Cybersecurity Report, 2023 Cybersecurity Skills Gap Global Research Report, Energy- and Space-Efficient Security in Telco Networks, 2022 Gartner Magic Quadrant for Enterprise Wired and Wireless LAN Infrastructure, Fortinet Expands its NSE Certification Program to Further Address Skills Gap, Fortinet Named to 2022 Dow Jones Sustainability World and North America Indices, Artificial Intelligence for IT Operations, Security Information & Event Management (SIEM/UEBA), Security Orchestration, Automation, & Response (SOAR/TIM), Application Delivery & Server Load Balancing, Dynamic Application Security Testing (DAST), Workload Protection & Cloud Security Posture Management, Cybersecurity for Mobile Networks and Ecosystems. User credentials are either stored in the FAC local database, or in an external credential store such as Active Directory (AD), accessed via LDAP. Appendix B - Documentation references | FortiSASE 23.2.20 has to prove their training delivery skills. I mean is it mandatory or can we have our fortigate directly integrate with the domain controller directly. From the Protocol drop-down list, select SAML. download the Duo app. 4b) If the RADIUS client is a different Fortinet product or third-party product: The user will need to submit an empty code, or type 'push' in the token field and submit this, to have FortiAuthenticator trigger a push notification. Predefinedrules 190 Fine-grainedcontrols 192 SSOusersandgroups 193 Domaingroupings 194 FortiGatefiltering 195 IPfilteringrules 196 Tieredarchitecture 197 FortiAuthenticator-VM installation. See the representative examples below for Okta.com and samltest.idp website. Network & User Identity Authentication Services | FortiAuthenticator If you want to add users to your FortiSIEM deployment from an Active Directory server over LDAP, you must first add the login credentials for your server and associate them to an IP range, and then run the discovery process on the Active Directory server. image found in the v3.0 directory is specific to the FortiAuthenticator-VM VMware environment. FortiSIEMin this case. New Installations: Download for a new Configuring FortiSASE with a RADIUS server for remote user authentication. The FortiAuthenticator unit is integrated into your network. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. The FortiAuthenticator 4.0 Documentation will tell you everything you need to know to deploy this setup. FortiAuthenticators actual interface port1 has 192.168.1.99:443. Previous Next For 2-factor authentication, the password and FortiToken value must be concatenated and entered directly into the Password field. Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. This information was gathered in Step 1B. Log on to FortiSIEM normally (first factor) using the credential defined in FortiSIEM - local or external in LDAP. If the user already exists in FortiSIEM, then follow the authentication Provide a Certificate ID, choose the file for the previously saved certificate and private key files, and select OK. From the SAMLAuth profile, select the user. Our monitoring suite uses SNMP to query the FortiAuthenticator appliance for a variety of health and performance metrics. FortiAuthenticator delivers transparent identification via wide range of methods: Logging describes how to view the logs on your FortiAuthenticator unit. Check Out The Fortinet Guru Youtube Channel! Copyright 2023 Fortinet, Inc. All Rights Reserved. The FortiAuthenticator can operate in two separate HA modes: Cluster : Active-passive clustered fail-over mode where all of the configuration is synchronized between the devices. FortiAuthenticator For Windows Active Directory Self Service Note that the download steps below are for VMWare specifically. Push authenticationresponse (/pushauthresp/), External IP/FQDN configuration (/system/external_ip_fqdn/), Local user group memberships (/localgroup-memberships/), FortiGate group filter (/fgtgroupfilter/), SSO filtering objects (/fgtgroupfilter/[id]/ssofilterobjects/), RADIUS Policy/ Client Associations (/radiuspolicyclient/), FortiGuard messaging (/fortiguardmessages/), FTMlicenses (/fortitokenmobilelicenses/), User lockout policy (/userlockoutpolicy/), User certificate management (/usercerts/), SCEP Enrollment Requests Management (/scepregs/), FortiToken Mobile provisioning settings (/fortitokenmobileprovisioning/), Scheduled backup settings (/scheduledbackupsettings/), Fabric authenticate (/fabric/authenticate), Fabric device status (/fabric/device/status), Fabric widget detail by visualization type (/fabric/widget/id), OAuth server revoke token (/oauth/revoke_token/), OAuth server verify token (/oauth/verify_token/), MACdevice group associations (/macgroup-memberships/), TACACS+policy client association (/tacpluspolicyclient/). Configure FortiAuthenticator for wired / wireless 802.1x authentication, MAC-based authentication, and machine-based authentication using supported EAP methods. Mandatory settings include. Enable the configuration of automatic configuration backups. Study the SAMLResponse from your IDPand determine where to find the User, Org, and Role. Org is in the Audience element of AudienceRestriction. TABLE OF CONTENTS ChangeLog 8 What'snewinFortiAuthenticator 9 FortiAuthenticator6.0.6 9 FortiAuthenticator6.0.5 9 FTMpushproxyfeatures 9 AzureUUIDtogroupnamemapping 9 Notify me of follow-up comments by email. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Copyright 2023 Fortinet, Inc. All Rights Reserved. (Optional) In the Comments field, enter any information you may wish to reference at a future date. Enable Allow RADIUS authentication, and select OK to access additional settings. Introduction | FortiSASE 23.2.20 - Fortinet Documentation specific to the device model. For more information see the FortiAuthenticator product datasheet available on the Fortinet web Configure User, and Org according to your IDP. Go to ADMIN >Settings >General >External Authentication. The SAMLuser will be added automatically in CMDB >Users once the user logs on to FortiSIEM. Go to ADMIN> Settings >General >External Authentication. Select a log entry to see more details. More information on how to purchase instructor-led courses, on-demand labs, exam vouchers, and study material. 1) RADIUS client initiates RADIUS authentication with a user that has a FortiToken Mobile assigned, 2) FortiAuthenticator checks the authentication via RADIUS policy and discovers the token. Is it still working on version 4.2.1? For example, where the password is Fortinet and the token PIN is 123456, the password entered by the user will be Fortinet123456 . You can also submit a blank response to initiate a push notification to your FortiToken Mobile app.". This site uses Akismet to reduce spam. FortiAuthenticator 6.4 - Fortinet Documentation Download from a wide range of educational materials and documents. When SAMLTEST.IDreports success, proceed to the next step, otherwise check your XMLfile and re-upload. Click on Testing Resources, and select Download Metadata. FortiAuthenticator delivers transparent identification via a wide range of methods: There are many examples, OKTA, Entrust, etc IDPPortal - this is where you define users and credentials for your IDPand Service Providers. Learn how your comment data is processed. Click 'add a realm' to include multiple realms. | Terms of Service | Privacy Policy, Modifying External Authentication Settings, Adding Users from Active Directory via LDAP, Adding 2-Factor Authentication via Duo Security, Authenticating Users Against FortiAuthenticator (FAC) via RADIUS, Creating Login Credentials and Associate with an IP Address, Discovering the Active Directory Server and Users, Step 2 - Create External Authentication Profile in FortiSIEM. Please contact fct@fortinet.com for queries and suggestions. Once one or more authentication server profiles have been defined, users of the system can be configured to be authenticated locally, or by one or more of these external authentication servers. Configure the User, Org, and Role appropriately, based on your elements. Additionally, it can replace the Fortinet Single Sign-On (FSSO) Agent on a Windows Active Directory (AD) network. The user activates their FortiToken Mobile through the FortiToken Mobile application by either entering the activation code provided or by scanning the QR code attached. Configure your IDPfor the specific User, Organization, and Role. The system time, DNS settings, administrator password, and network interfaces have been configured. FortiSIEMtrusts the IDPand logs in the User with the right Org and Role (if applicable). Overview Is the authenticator appliance is required for creating user based policies. FortiAuthenticator - Fortinet Training Institute FAC optionally applies 2-factor authentication to users with the FortiToken. The FortiAuthenticator device provides an easy-to-configure remote authentication option for FortiGate users. Learn how your comment data is processed. The answer to that question is a resounding NO but it did remind me of a neat trick the FortiAuthenticator does provide when deployed in a LDAP environment. Configuring FortiAuthenticator PDF FortiAuthenticator Data Sheet Explore key features and capabilities, and experience user interfaces. Authentication Sources and Access. Introduction | FortiAuthenticator 6.4.1 - Fortinet Documentation for an FCT assessment must meet the following knowledge and experience eligibility requirements: If you meet all of these requirements you can apply for the FCT assessment! 2) Ensure push reply can reach FortiAuthenticator. If the User is not in the NameIdentifier element of the Subject Statement, then select Custom Attribute and enter the field containing the User information. Copy the entityID information. Set Org to the specific field in the SAMLResponse containing the Org information. Enable to allow RADIUS authentication. Download the FortiAuthenticator -VM software - Fortinet Documentation For this scenario the Certificates will be issued by Microsoft Certification Authority. To use Okta authentication for your FortiSIEM deployment, you must set up a SAML 2.0 Application in Okta, and then use the certificate associated with that application when you configure external authentication. Reference Manuals. Ensure the right people get appropriate access to your data, resources, and applications, Go beyond username and password to provide user verification requiring another factor, Use modern authentication protocols federating identity for SSO (SAML, OAUTH, OIDC, and API support), Get customizable portals including self-service capabilities, Take advantage of flexible deployment modes (appliances, VMs, cloud) with perpetual or subscription pricing options, Leverage existing identity systems of record on-premises or in the cloud. I can find the password recovery for the local users only. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. When a FortiAuthenticator is deployed in a Windows Active Directory environment and its service account (the account you created for it to use when authenticating toAD in order to perform service tasks and lookups) has permissions to read and write to update passwords, you can utilize the FortiAuthenticator self service portal for your users in order to perform AD password resets. You can change the password but if you forgot the password you cannot reset or send a new one. In my environment, the FortiGate ties directly into my AD to make things as smooth as possible. To import the client authentication certificate: Go to Certificate Management > End Entities > Local Services > Import. Edited on In OKTA.com, there is no Role information. 5) Optionally: The user can, instead of accepting the push notification, also simply enter the token code. This course prepares you for the NSE 6 FortiAuthenticator certification exam. Setup describes initial setup for standalone and HA cluster FortiAuthenticator configurations. The FortiAuthenticator device provides an easy-to-configure remote authentication option for FortiGate users. Copy and paste the certificate you downloaded in. Syslog Message Reference The following is a detailed example showing the steps required for configuration. Anthony_E, This article describes how FortiToken Push feature works with FortiAuthenticator and Apple/Android based devices, the configuration requirements and the workflow on FortiAuthenticator when a user authenticates.Useful links:FortiAuthenticator Documentation https://docs.fortinet.com/product/fortiauthenticator/6.4Solution, In cases where PUSH token notifications are desired, a setup needs to be done on FortiGate (or a 3rd party device capable of RADIUS Access-Challenge), pointing to FortiAuthenticator as RADIUS server.In FortiOS, this would include a user group with the RADIUS server object as member and the FortiAuthenticator configured as a RADIUS server entry.Any 3rd party RADIUS client needs the same settings enabled on FortiAuthenticator.The following needs to be configured on FortiAuthenticator (Setup):1) Enable push notification in RADIUS settings. Cyberthreats are increasing in volume and sophistication while organizations around the world struggle to fill security positions. Supplicant configuration is also needed for this scenario but it is out of the scope of this article. FortiPAM secures access to an organizations most critical assets. FortiEDR 6.0 - Fortinet Documentation Matching is determined by the Role mapping rules in Step 3. Define URLs and credentials in IDPPortal and FortiSIEM so that they can securely communicate with each other. Zero trust starts with user identities. Technical Tip: FortiAuthenticator 802.1x EAP-TLS w - Fortinet Community After completing this course, you will be able to: If you take the online format of this class, you must use a computer that has the following: You should use a wired Ethernet connection, not a Wi-Fi connection. The Fortigate can poll AD directly or you can use a polling agent from Fortinet. What's new in FortiAuthenticator | FortiAuthenticator 6.4.0 Fortinet employee or a candidate sponsored by an ATC, Extensive technical knowledge and skills in network security and cybersecurity, Five years of relevant experience in network security and cybersecurity, Certification in the required NSE training courses, Five years of experience in training delivery in IT security, Demonstrable training facilitation and delivery skills, Administrative Users and High Availability, Managing Users and Troubleshooting Authentication, Configure FortiAuthenticator and FortiGate for two-factor authentication, Provision FortiToken hardware / mobile software tokens, Configure FortiAuthenticator as a logon event collector using the FSSO communication framework, Configure portal services for guest and local user management, Configure FortiAuthenticator for wired / wireless 802.1x authentication, MAC-based authentication, and machine-based authentication using supported EAP methods, Manage digital certificates (root CA, sub-CA, user, and local services digital certificates), Configure FortiAuthenticator as a SCEP server for CRLs and CSRs, Configure FortiAuthenticator as a SAML identity provider and service provider, Configure FIDO for passwordless authentication, An up-to-date Java Runtime Environment (JRE) with Java Plugin enabled in your web browser, Total course duration (estimated): 13 hours / 2 days, CISSP domains: Identity and Access Management (IAM), FT-FAC-LAB: Lab access within self-paced course. You must have an understanding of the topics covered in NSE 4 FortiGate Security and FortiGate Infrastructure, or have equivalent experience. In the Add SAMLRole, enter the following information. FortiAuthenticator 3000F FAC-3000F 4x GE RJ45 ports, 2x 10GE SPF, 2x 2TB SAS . [Required] IP Host - Access IP for LDAP Start TLS, Select your LDAP credentials from the list of, Leave all the default settings, but clear the, Select the Active Directory device and click. Find solution guides, eBooks, data sheets, analyst reports, and more. Last updated May. 08-05-2019 Fortinet FortiAuthenticator Reviews, Ratings & Features 2023 | Gartner The assigned Okta user is now able to log on to FortiSIEMby clicking the FortiSIEMicon/application. Hi, thank you for the article. General 72 PCIDSS3.2two-factorauthentication 73 Lockouts 74 Passwords 75 Customuserfields 76 Tokens 76 Usermanagement 79 Administrators 79 Localusers 80 FortiToken Cloud offers centralized management for two-factor tokens. Set User to the specific field in the SAMLResponse containing the User information. FortiAuthenticator and FortiToken deliver cost effective, scalable secure authentication to your entire network infrastructure. This information was gathered in Step 1B. At the CLI prompt enter the following commands: Log in to the FAC GUI (default credentials user name / password: Change the GUI idle timeout for ease of use during configuration, if desired: Configure the DC as a remote LDAP server under. To ensure SAMLworks correctly, the following must be done. The FAC_VM-vxxx-build0xxx-FORTINET.out.ovf.zip file contains the following files: The FAC_VM_KVM-vxxx-build0216-FORTINET.out.kvm.zip file contains the following QCOW2 and XMLfiles: FortiAuthenticator-VM firmware images in the FortiCloud FTP If Role is present in the SAMLResponse from the IDP, then select Custom Attribute and enter the field containing the Role information. In the Certificate field, paste/enter the signing certificate content from step 6b. Select your Okta credentials from the list of, Download user list CSV file (OktaPasswordHealth.csv) by visiting, Log in to Duo Security Admin Panel and navigate to. Discover why 95% of organizations are moderately to extremely concerned about cloud security in 2023. images in the directories follow a specific naming convention and each firmware image is Search in Product Lookup. Download PDF Copy Link What's new in FortiAuthenticator This section provides a summary of the new features and enhancements in FortiAuthenticator: FortiAuthenticator 6.4.0 Always review the FortiAuthenticator Release Notes prior to upgrading your device. By implementing zero-trust principles such as passwordless authentication, you can verify and authorize access requests based on contextual information about the user. Having trouble configuring your Fortinet hardware or have some questions you need answered? fortiauthenticator.xml: XML file containing virtual hardware configuration settings for Hyper-V. FortiAuthenticator-VM.ovf:OVF template file for the highest supported VMware hardware type (intel E1000 NIC Driver). Fortinet FortiAuthenticator SNMP | Centreon Documentation Description In this scenario FortiAuthenticator will authenticate Computers in a Wired/Wireless environment using 802.1x EAP-TLS. Configuring remote authentication and onboarding users, Configuring security profiles and policies, Configuring authentication on the FortiGate access proxy, Configuring ZTNA connection rules on FortiSASE, Configuring FortiSASE with an LDAP server for remote user authentication in endpoint mode, Configuring FortiSASE with a RADIUS server for remote user authentication, Configuring FortiSASE with Azure Active Directory single sign on, Establish device identity and trust context with FortiClient EMS. environments that support hardware version 10. Created on FortiAuthenticator as a Certificate Authority, Creating a new CA on the FortiAuthenticator, Importing and signing the CSR on the FortiAuthenticator, Importing the local certificate to the FortiGate, FortiAuthenticator certificate with SSLinspection, Creating an Intermediate CA on the FortiAuthenticator, Importing the signed certificate on the FortiGate, FortiAuthenticator certificate with SSLinspection using an HSM, Configuring the NetHSM profile on FortiAuthenticator, Creating a local CAcertificate using an HSMserver, Adding a FortiToken to the FortiAuthenticator, Adding the user to the FortiAuthenticator, Creating the RADIUS client and policy on the FortiAuthenticator, Connecting the FortiGate to the RADIUS server, FortiAuthenticator as Guest Portal for FortiWLC, Creating the FortiAuthenticator as RADIUS server on the FortiWLC, Creating the Captive Portal profile on the FortiWLC, Creating the security profile on the FortiWLC, Creating FortiWLC as RADIUS client on the FortiAuthenticator, Creating the portal and access point on FortiAuthenticator, Creating the portal policy on FortiAuthenticator, FortiAuthenticator as a Wireless Guest Portal for FortiGate, Creating a user group on FortiAuthenticator for guest users, Creating a guest portal on FortiAuthenticator, Configuring an access point on FortiAuthenticator, Configuring a captive portal policy on FortiAuthenticator, Configuring FortiAuthenticator as a RADIUS server on FortiGate, Creating a wireless guest SSID on FortiGate, Creating firewall policies for guest access to DNS, FortiAuthenticator, and internet, Configuring firewall authentication portal settings on FortiGate, FortiAuthenticator as a Wired Guest Portal for FortiGate, Creating a wired guest interface on FortiSwitch, MAC authentication bypass with dynamic VLANassignment, Configuring MAC authentication bypass on the FortiAuthenticator, Configuring RADIUS settings on FortiAuthenticator, FortiAuthenticator user self-registration, LDAP authentication for SSLVPN with FortiAuthenticator, Creating the user and user group on the FortiAuthenticator, Creating the LDAP directory tree on the FortiAuthenticator, Connecting the FortiGate to the LDAPserver, Creating the LDAP user group on the FortiGate, SMS two-factor authentication for SSLVPN, Creating an SMS user and user group on the FortiAuthenticator, Configuring the FortiAuthenticator RADIUSclient, Configuring the FortiGate authentication settings, Creating the security policy for VPN access to the Internet, Assigning WiFi users to VLANs dynamically, Adding the RADIUS server to the FortiGate, Creating an SSID with dynamic VLAN assignment, WiFi using FortiAuthenticator RADIUS with certificates, Creating a local CA on FortiAuthenticator, Creating a local service certificate on FortiAuthenticator, Configuring RADIUSEAPon FortiAuthenticator, Configuring RADIUS client on FortiAuthenticator, Configuring local user on FortiAuthenticator, Configuring local user certificate on FortiAuthenticator, Exporting user certificate from FortiAuthenticator, Importing user certificate into Windows 10, Configuring Windows 10 wireless profile to use certificate, WiFi RADIUSauthentication with FortiAuthenticator, Creating users and user groups on the FortiAuthenticator, Registering the FortiGate as a RADIUSclient on the FortiAuthenticator, Configuring FortiGate to use the RADIUSserver, WiFi with WSSO using FortiAuthenticator RADIUSand Attributes, Registering the FortiGate as a RADIUS client on the FortiAuthenticator, Creating user groups on the FortiAuthenticator, Configuring the FortiGate to use the FortiAuthenticator as the RADIUSserver, Configuring the SSIDto RADIUSauthentication, 802.1X authentication using FortiAuthenticator with Google Workspace User Database, Creating a realm and RADIUS policy with EAP-TTLS authentication, Configuring FortiAuthenticator as a RADIUS server in FortiGate, Configuring a WPA2-Enterprise with FortiAuthenticator as the RADIUS server, Configuring Windows or macOS to use EAP-TTLS and PAP, Importing the certificate to FortiAuthenticator, Configuring LDAP on the FortiAuthenticator, Creating a remote SAML user synchronization rule, Configuring SP settings on FortiAuthenticator, Configuring the login page replacement message, SAML FSSOwith FortiAuthenticator and Okta, Configuring DNS and FortiAuthenticator's FQDN, Enabling FSSO and SAML on FortiAuthenticator, Configuring the Okta developer account IdPapplication, Importing the IdP certificate and metadata on FortiAuthenticator, Office 365 SAMLauthentication using FortiAuthenticator with 2FA, Configure the remote LDAP server on FortiAuthenticator, Configure SAMLsettings on FortiAuthenticator, Configure two-factor authentication on FortiAuthenticator, Configure the domain and SAMLSPin Microsoft Azure AD PowerShell, FortiGate SSL VPN with FortiAuthenticator as the IdP proxy for Azure, SAML FSSO with FortiAuthenticator and Microsoft Azure AD, Creating an enterprise application in Azure Portal, Setting up single sign-on for an enterprise application, Adding a user group SAML attribute to the enterprise application, Adding users to an enterprise application, Adding the enterprise application as an assignment, Registering the enterprise application with Microsoft identity platform and generating authentication key, Creating a remote OAuth server with Azure application ID and authentication key, Setting up SAML SSO in FortiAuthenticator, Configuring an interface to use an external captive portal, Configuring a policy to allow a local network to access Microsoft Azure services, Creating an exempt policy to allow users to access the captive portal, Office 365 SAMLauthentication using FortiAuthenticator with 2FA in Azure/ADFShybrid environment, Configure FortiAuthenticator as an SPin ADFS, Configure the remote SAMLserver on FortiAuthenticator, Configure FortiAuthenticator replacement messages, SSL VPN SAML authentication using FortiAuthenticator with OneLogin as SAML IdP, Configuring application parameters on OneLogin, Configuring FortiAuthenticator replacement message, Configuring FortiGate SP settings on FortiAuthenticator, Uploading SAML IdP certificate to the FortiGate SP, Increasing remote authentication timeout using FortiGate CLI, Configuring a policy to allow users access to allowed network resources, FortiGate SSL VPN with FortiAuthenticator as SAML IdP, Computer authentication using FortiAuthenticator with MSAD Root CA, Configure LDAPusers on FortiAuthenticator, Importing users with a remote user sync rule, Configuring the RADIUSserver on FortiGate, WiFi onboarding using FortiAuthenticator Smart Connect, Configure the EAPserver certificate and CA for EAP-TLS, Option A - WiFi onboarding with Smart Connect and G Suite, Configure certificates on FortiAuthenticator, Configure the remote LDAPserver and users, Configure Smart Connect and the captive portal, Configure RADIUSsettings on FortiAuthenticator, Option B - WiFi onboarding with Smart Connect and Azure, Provision the LDAPS connector in Azure ADDS, Provision the remote LDAPserver on FortiAuthenticator, Create the user group for cloud-based directory user accounts, Provision the Onboardingand Secure WiFi networks, Smart Connect Windows device onboarding process, Smart Connect iOS device onboarding process, Configuring a zero trust tunnel on FortiAuthenticator, Configuring an LDAP server with zero trust tunnel enabled on FortiAuthenticator, Configuring certificate authentication for FortiAuthenticator.