1
User Authentication and Identity Management
FortiAuthenticator User Authentication and Identity Management
2
FortiAuthenticator Overview
Answering your authentication challenges

Authentication and Authorization
- RADIUS, LDAP, 802.1X, Radius Proxy
- SSO Mobility Agent
- Web based login widget

Two Factor Authentication
- FortiToken, physical and mobile
- Tokenless, via SMS and

Certificate Management
- X.509 Certificate Signing, Certificate Revocation
- Remote Device / Unattended Authentication

Fortinet Single Sign on
- Active Directory Agent or agentless
- Third party systems via RADIUS, Syslog and API Integration

[Diagram labels: FortiAP, Two-factor Auth, FortiGate, Wireless Auth, FortiAuthenticator, User Identity, FSSO]
3
FortiAuthenticator Overview
Features & Benefits
- Secure access to your organization's systems and data with identity based policy and two-factor authentication
- Control access to your intellectual property
- Enable secure remote and guest network access whilst retaining control over security
- Allow business to flourish but not to the detriment of security
- Reduce the operational burden of local and guest user management
- Identify users and apply granular user policy
- Integrate with existing user repositories (AD, LDAP)
- User lifecycle management workflow

[Diagram labels: User Authentication and Identity Management, User Identity, Two-factor Authentication, Wireless Authentication]
4
FortiAuthenticator Use Cases
Two-factor Authentication
- Enable strong password security across your network and application estate
- Secure remote access to critical systems
- Reduce operational overheads
- Self-service password reset
- Integration with existing LDAP and AD databases
- Built in lost token workflow
- Migration strategy from third-party vendor tokens

[Diagram labels: Username, Token, Password, FortiAuthenticator, LDAP/Active Directory, Protected Devices]
5
FortiAuthenticator Use Cases
Two-factor Authentication
- Support for wide range of secure authentication methods
- Physical, Tokenless, Certificate (BYOD), API, Mobile
- Flexible range of token formats to suit all deployment requirements
- OATH compatible TOTP (time) based tokens (FTK200)
- USB certificate tokens (FTK300)
- FortiToken Mobile for Android, iOS and Windows Mobile
- SMS and tokens.
- Supports any RADIUS capable device
- Juniper, Cisco, F5, Array, Citrix etc
- Microsoft Windows Domain Login and OWA
6
FortiAuthenticator Use Cases
Two-factor Authentication

FortiToken Mobile:
- Supports Android, iOS and Windows Mobile
- 6 or 8 digit passcode, 30 or 60s refresh
- Free install, supports other TOTP & HOTP OATH tokens e.g. Google, Dropbox, Amazon
- QR Code Provisioning support
- PIN protection enforced from FAC
- Perpetual license
- Can be reissued if device is lost
- Can be reissued if user leaves the organization
7
FortiAuthenticator Use Cases
Wireless Authentication
- Centralized WiFi Authentication
- Authenticate users (PEAP, EAP-TTLS) and machines.
- Certificate based device authorization (EAP-TLS) for BYOD environments
- In open guest or visitor networks, FortiAuthenticator can provide captive portal functions

[Diagram labels: FortiAP, FortiGate, FortiAuthenticator]
8
FortiAuthenticator Use Cases
Guest Management
- User Self-registration
- Collection of user details
- Option to SMS login details (proof of identity)
- Receptionist registration option
- Time limited accounts
- Delete expired accounts
- Support multiple locations
- Coming soon: Facebook, Google, LinkedIn, Twitter login

[Diagram labels: FortiAuthenticator, FortiAP, FortiGate]
9
FortiAuthenticator Use Cases
Fortinet Single Sign-On
- Identify users and apply identity based security policy
- FortiAuthenticator transparent user identification collects and embellishes user identity information
- Allows FortiGate, FortiMail and FortiCache devices to apply appropriate policy based on user identity and role
- Granular control of network and application access
- Define who can access what and when

[Diagram labels: Staff, Admin, Guest, Corporate Resources, Guest Access]
10
FortiAuthenticator Use Cases
Fortinet Single Sign-On

Transparent User Identity
- Active Directory Polling
- Kerberos with NTLM Fallback
- TS and AD Collector Agents
- FortiClient SSO Mobility Agent
- Login Portal & Widgets
- REST API
- Syslog
- RADIUS Accounting Records

[Diagram labels: AD & Windows, Generic Sources, FortiAuthenticator, FortiGate]
11
FortiAuthenticator Use Cases
Certificate Authority
- Simplifies the task of certificate management
- Issue certificates for multiple uses:
- VPN Authentication
- Wireless 802.1X (PEAP, EAP)
- Windows Desktop Authentication
- Compatible with FTK300 USB PKI Certificate Store

[Diagram label: X REVOKED]
12
FortiAuthenticator Use Cases
Certificate Based VPN
- Strengthen and simplify VPN security
- Certificate based VPN enhances traditional pre shared keys with second factor
- Revoke certificates if device is lost (OCSP)
- Zero touch certificate distribution (SCEP)
- Integration with FortiManager to simplify deployment
13
FortiAuthenticator Use Cases
Port Access Control
- Switch port authentication
- Prevent network misuse by authenticating users before allowing network access
- Works with native supplicants (PEAP, EAP-TTLS, EAP-TLS, EAP-GTC)
- Supports MAC Authentication Bypass (e.g. for printers)
14
FortiAuthenticator Use Cases
RADIUS Accounting Proxy
- Integrates Carrier/ISP networks with Fortinet RADIUS Single Sign-on
- Minimises changes needed to critical business systems
- Takes the additional load by duplicating RADIUS Packets
- RSSO used to apply Identity Policy for FortiGate, FortiMail and FortiCache

[Diagram labels: Carrier / ISP RADIUS Server, RADIUS Accounting, RADIUS Accounting]
15
FortiAuthenticator Use Cases
High Availability and Scalability

Active-Passive High Availability
- Local sync with failover
- Supports all features

Active-Active Config Sync
- Geographic distribution
- Load balance across devices (scalability)
- Supports authentication feature sync (not FSSO)
- Can be combined with Active Passive HA (A-P Master, standalone slaves)
16
Case Studies
17
Case Study: Medium Enterprise Identity Management
Organization and Challenge
- Online retail organization with mobile workforce and widespread BYOD adoption.
- Incumbent Cisco wireless network, customer thought Cisco was the only option for gateway Identity Policy
- Cisco tried to claim that the only way to perform Identity Based Firewalling was using their own ISE and ASA. FortiAuthenticator proved this wrong and has kept Fortinet in the running for the WiFi refresh

Who We Beat
- Cisco

Why We Won
- Ability to consume user identity from Cisco wireless network (via RADIUS Accounting)
- Fully inclusive guest management and registration features

What They Bought
- 2x FortiAuthenticator 200D (HA)
- 2x FortiGate 600C (HA)
- Still in the game for WiFi refresh

[Diagram labels: Remote Workers, FortiGate, WAN, Guests, FortiAuthenticator, Multiple user groups / domains]
18
Case Study: Local Government Identity Management
Organization and Challenge
- Regional govt. requiring transparent identity aware firewalling
- 5,000 users with granular permissions across 3 domain controllers, 2 domains
- FAC gathers user identity and forwards to FGT

Who We Beat
- Juniper, CheckPoint, SonicWall

Why We Won
- Multiple identity detection methods
- AD Polling combined with RADIUS (VPN) and guest portal
- Fully inclusive guest management and registration features

What They Bought
- 2x FortiAuthenticator 1000D (HA)
- 2x FortiGate 1000D (HA)

[Diagram labels: Remote Workers, FortiGate, WAN, Guests, FortiAuthenticator, Multiple user groups / domains]
19
Case Study: Enterprise Identity Management
Organization and Challenge
- Multinational enterprise with 3 Datacenters, 90 branches and 17,000 users throughout the world.
- Mobile workforce means users could be on any site.
- FAC gathers user identity and selectively forwards identity to relevant FGT

Who We Beat
- PaloAlto, Juniper

Why We Won
- Performance and scalability of user identity detection
- Selective distribution of login events to local site and core ……

What They Bought
- 3 x FortiAuthenticator 3000D
- 9 x FortiGate 3600C
- 90 x FortiGate 110C

[Diagram labels: 3 Datacenters, FortiGate Clusters, WAN, FortiAuthenticator, Active Directory, 90 Remote Sites]
20
Case Study: Enterprise Two-Factor Auth
Organization and Challenge
- Enterprise organization requiring secure multi-factor authorization for heterogeneous range of devices
- Integration with existing LDAP/AD infrastructure

Who We Beat
- RSA, Safenet

Why We Won
- Secure provisioning strategy (CD)
- Physical and Soft token support
- Support for wide range of client devices and Windows Desktop login

What They Bought
- 2 x FortiAuthenticator 400C
- 100 x FortiToken 200
- 500 x FortiToken Mobile

[Diagram labels: Multiple Datacenters, Internet, FortiAuthenticator, Home Workers, Network Operations Center]
21
FortiAuthenticator Ordering Information
FortiAuthenticator 200D: Small / Mid Enterprise Deployments
- Support up to 500 users
- HDD – 1 x 1TB
- 4 x 10/100/1000
- Rack Mountable, 1U
- Single AC PSU

FortiAuthenticator 400C: Mid Enterprise Deployments
- Support up to 2,000 users
- HDD – 1 x 1TB
- 4 x 10/100/1000
- Rack Mountable, 1U
- Single AC PSU

FortiAuthenticator 1000D: Large Enterprise/Service Provider Deployments
- Support up to 10,000 users
- HDD – 2 x 2TB
- 4 x 10/100/1000
- 2 x SFP
- Rack Mountable, 2U
- Dual AC PSU

FortiAuthenticator 3000D: Large Enterprise/Service Provider Deployments
- Support up to 40,000 users
- HDD – 2 x 2TB
- 4 x 10/100/1000
- 2 x SFP
- Rack Mountable, 2U
- Dual AC PSU

FortiAuthenticator VM: All Sized Deployments from SME to Service Provider Deployments
- From 100 to 1M+ users
- Unlimited CPU
- Unlimited RAM
- **Fully Stackable User Licensing**
22
Competitive
23
FortiAuthenticator vs FortiGate
Feature Comparison

Columns: Area, Feature, FortiGate, FortiAuthenticator

Auth
- Two-factor Auth w. FortiToken
- Multiple FortiGate per token
- Support third party vendors
- User password reset
- User self registration
- Support multiple realms

FSSO
- AD Polling
- DC & TS Agent
- Kerberos
- RADIUS Accounting (FSSO) (RSSO) (Both)
- Syslog
24
Competitive Landscape
Two-factor Auth Wireless Auth FortiAuthenticator User Identity
25
Feature Comparison – User Identity
Columns: FortiAuth, PaloAlto User-ID, Cisco Identity Services Engine, Juniper Pulse UAC *, Checkpoint Identity Awareness Blade

Identity: Microsoft Windows Environments
- DC Polling
- DC Agent
- Terminal Services Agent
- Kerberos
- Microsoft Exchange

Identity: Non-Microsoft Windows Environments
- Endpoint Agent
- Captive Portal
- Embeddable Widgets
- SYSLOG
- Open API (IF-MAP)
- RADIUS Accounting

Authorization
- LDAP/AD
- Local override

* Note that the Pulse Product line is now owned and supported by Pulse Secure
26
Feature Comparison – Two Factor Auth
Columns: Feature Type, Feature, FortiAuth, Safenet, RSA, Vasco

Deployment
- Appliance
- Software
- Virtual Machine
- Cloud

Tokens
- Physical Token: (Time) (Event) (USB Cert) (Event)
- Mobile Token: (iOS) (Android) (WinMo) (BB)
- Desktop Token: (Mac) (Win) (Mac) (Win)
- Tokenless SMS
- GrIDsure

Agents
- Windows Domain 2FA
- Outlook Web Access 2FA
- Sharepoint: Roadmap

Integration
- Auth Methods: RADIUS LDAP SAML API LDAP SAML
- External User repositories: Local AD RADIUS MSSQL LDAP (Oracle only)
- User Self Service