SecurID® Integrations
Certified: October 5, 2022
Solution Summary
This section describes FortiGate integration with RSA SecurID (or ID Plus). Use this information to determine which use case and integration type your deployment will employ.
Use Case
FortiGate can be configured to communicate with either RSA SecurID Access through SAML SSO or the RADIUS protocol. FortiGate Firewall supports RSA authentication, allowing organizations to secure their resources by requiring end-users to authenticate with RSA SecurID hardware or software OTPs and/or RSA Cloud Authentication Service multifactor authentication methods.
Integration Types
RADIUS integrations provide a text-driven interface for RSA SecurID Access within the partner application. RADIUS also provides support for most RSA SecurID Access authentication methods and flows.
SSO integrations use SAML 2.0 technologies to direct users’ web browsers to Cloud Authentication Service for authentication. SSO provides Single Sign-On using the IDR My Applications/My Page Portal.
Relying Party integrations use SAML 2.0 to direct users’ web browsers to the RSA Cloud Authentication Service for authentication. Primary authentication is configurable, and relying party can be a good choice for adding additional authentication (only) to existing deployments.
Supported Features
This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use. The next section in this guide contains the instruction steps for how to integrate RSA SecurID Access with FortiGate using each integration type.
FortiGate Integration with RSA Cloud Authentication Service
|
Authentication Methods |
RSA MFA API (REST) |
RADIUS |
Relying Party |
SSO |
|
RSA SecurID |
- |
|
 |
|
|
LDAP Password |
- |
|
|
|
|
Authenticate Approve |
- |
|
|
|
|
Authenticate OTP |
- |
|
|
|
|
Device Biometrics |
- |
|
|
|
|
SMS OTP |
- |
|
|
|
|
Voice OTP |
- |
|
|
|
|
FIDO Security Key |
- | - | |
|
FortiGate Integration with RSA Authentication Manager
|
Authentication Methods |
RSA MFA API (REST) |
RADIUS |
Authentication Agent |
|
RSA SecurID |
- |
|
- |
|
Risk Based Authentication |
- |
- |
- |
|
Supported |
| - | Not supported |
| n/t | Not yet tested or documented, but may be possible. |
| n/a | Not applicable |
Configuration Summary
This section contains instruction steps that show how to integrate FortiGate with RSA SecurID using all the integration types.
This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products to install the required components.
All RSA SecurID and FortiGate components must be installed and working prior to the integration.
All the supported use cases of RSA SecurID Access with FortiGate require both server-side and client-side configuration changes. This section of the guide includes links to the appropriate sections for configuring both sides for each use case.
Integration Configuration
RSA Cloud Authentication Service
FortiGate can be integrated with RSA Cloud Authentication Service in the following ways:
Admin Access UI
SSL VPN
RSA Authentication Manager
FortiGate can be integrated with RSA Authentication Manager in the following ways:
Admin Access UI
SSL VPN
Reference
RSA Terminology Changes
The following table describes the differences in the terminologies used in the different versions of RSA products and components.
|
Previous Version |
New Version |
Examples/Comments |
|---|---|---|
| Company ID | Organization ID | |
| Account | Credential | |
| Token | OTP Credential |
SecurID OTP Credential |
| Tokencode | OTP/Access Code |
SecurID OTP, SMS OTP, Voice OTP Emergency Access Code, Disable Access Code |
| Hardware Token | Hardware Authenticator | |
| Device Serial Number | Binding ID | |
| Device | Credential/Authenticator | |
| Device Registration Code | Registration Code | |
| Authenticate App | Authenticator App |
Known Issues
No known issues.
Certification Details
RSA Authentication Manager 8.7 Patch 1, Virtual Appliance or later
FortiGate Firewall 7.0.5 Virtual Appliance
FortiClient 7.0.7.0345
RSA Ready certification by Mahmoud Dawoud
