Certified: August 02, 2024
Solution Summary
This guide describes FortiGate Firewall integration with RSA ID Plus using SAML 2.0. Use this information to determine which use case and integration type your deployment will employ.
Use Case
FortiGate Firewall can be integrated with RSA using SSO, Relying Party and RADIUS. When integrated, users must authenticate with RSA to sign in to FortiGate Firewall.
Integration Types
RADIUS integrations provide a text-driven interface for RSA within the partner application. RADIUS also provides support for most RSA authentication methods and flows.
SSO integrations use SAML 2.0 or HFED technologies to direct users’ web browsers to Cloud Authentication Service for authentication. SSO provides Single Sign-On using the IDR My Applications/My Page Portal.
Relying Party integration allows FortiGate Firewall users’ web browsers to be automatically redirected to RSA Cloud Authentication Service for authentication. With Relying Party integration, Cloud Authentication Service can manage either additional authentication only or both primary authentication (for example, user ID and password) and additional authentication depending on the service provider's capability.
Supported Features
This section shows all of the supported features by integration type and by RSA component. Use this information to determine which integration type and RSA component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA with FortiGate Firewall using each integration type.
FortiGate Firewall Integration with RSA Cloud Authentication Service
|
Authentication Methods |
RSA MFA API (REST) |
RADIUS |
Relying Party |
SSO |
|
RSA SecurID | - |
| ||
|
LDAP Password | - |
| ||
|
Authenticate Approve | - |
| ||
|
Authenticate OTP | - |
| ||
|
Device Biometrics | - |
| ||
|
SMS OTP | - |
| ||
|
Voice OTP | - |
| ||
|
FIDO Security Key | - | - |
FortiGate Firewall Integration with RSA Authentication Manager
|
Authentication Methods |
RSA MFA API (REST) |
RADIUS |
Authentication Agent |
|
RSA SecurID | - |
|
- |
| On Demand Authentication | - | - | |
|
Risk Based Authentication | - |
- |
- |
| Supported | |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible. |
| n/a | Not applicable |
Configuration Summary
This section contains instruction steps that show how to integrate FortiGate Firewall with RSA using all the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA and FortiGate Firewall components must be installed and working prior to the integration. All the supported use cases of RSA with FortiGate Firewall require both server-side and client-side configuration changes.
This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
Integration Configuration
RSA Cloud Authentication Service
Admin Access UI
SSL VPN
RSA Authentication Manager
Admin Access UI
SSL VPN
Reference
RSA Terminology Changes
The following table describes the differences in the terminologies used in the different versions of RSA products and components.
|
Previous Version |
New Version |
Examples/Comments |
|---|---|---|
| Company ID | Organization ID | |
| Account | Credential | |
| Token | OTP Credential |
SecurID OTP Credential |
| Tokencode | OTP/Access Code |
SecurID OTP, SMS OTP, Voice OTP Emergency Access Code, Disable Access Code |
| Hardware Token | Hardware Authenticator | |
| Device Serial Number | Binding ID | |
| Device | Credential/Authenticator | |
| Device Registration Code | Registration Code | |
| Authenticate App | Authenticator App |
Certification Details
RSA Authentication Manager 8.7 SP2 Patch 3
FortiGate Firewall 7.2.3 Virtual Appliance
FortiClient 7.4.0.1658
Known Issues
No known issues.
