FortiAuthenticator is Fortinet’s identity and access management software for controlling access to enterprise network resources. It centralises authentication with MFA, single sign-on and certificate services across Fortinet and third-party environments, helping IT teams strengthen access control for firewall, VPN, Wi-Fi and administrator workflows.
When access spans firewalls, VPNs, Wi-Fi and remote users, security teams need one identity control point that keeps authentication consistent without weakening auditability or policy enforcement.
FortiAuthenticator is an identity and access management platform for Fortinet and third-party environments. It supports authentication, MFA, SSO, certificate services and identity services for user, administrator and remote access workflows.
In practice, it acts as a local identity authority for users and groups, then integrates with RADIUS, LDAP and SAML services so existing directories can support VPNs, Wi-Fi and device login. In FortiGate environments, it shares user identity with policy controls so firewall rules can follow the user. It also manages tokens and issues certificates for stronger verification.
This approach helps reduce fragmented identity point solutions and gives IT teams stronger control over access decisions. It supports time-limited guest and contractor access without placing external users into core directory structures.
If you are evaluating FortiAuthenticator for central authentication or Fortinet-integrated access control, our team can help you assess fit for your environment.
FortiAuthenticator provides enterprise identity and access management for Fortinet and third-party environments, giving organisations a central platform for authentication, MFA, single sign-on, and identity services across network access workflows.
Centralised User Authentication
The platform centralises authentication for users, administrators, and remote access workflows so access decisions can be managed consistently across enterprise environments.
RADIUS and LDAP Identity Services
FortiAuthenticator provides RADIUS and LDAP services for VPNs, Wi-Fi, switches, and firewalls, reducing the need to build separate identity silos for each access system.
Fortinet Single Sign-On
It integrates user identity with FortiGate policy enforcement so access rules can follow the user identity rather than relying on IP address alone.
Certificate-Based Authentication
The platform supports certificate services to strengthen assurance for device and user access where passwords alone are not sufficient.
Token and MFA Management
FortiAuthenticator centralises token and MFA services to support controlled user verification for protected systems and remote access scenarios.
Guest and Contractor Identity Control
The platform supports temporary identity workflows for external users so access can remain time-limited and auditable.
Fortinet Ecosystem Integration
It integrates with FortiGate, FortiClient, FortiToken, FortiManager, Active Directory, and LDAP directories to centralise identity controls across Fortinet-secured environments.
If you need to centralise identity services, strengthen MFA and certificate-based access, or align Fortinet policies with user identity, our FortiAuthenticator specialists can help define the right enterprise workflow.
Use FortiAuthenticator as a local identity authority for Fortinet and third-party network access, centralising user, group and authentication services so organisations can control access from one place rather than relying on separate systems. Its RADIUS, LDAP, SAML and token services make it well suited to standardise login workflows across VPN, wireless and internal applications, while keeping authentication tightly integrated with existing directories and Fortinet security controls.
Deploy FortiAuthenticator in FortiGate environments to share user identity with Fortinet Security Fabric policies, enabling Fortinet Single Sign-On without depending only on firewall-side authentication. By linking identity data to FortiGate, FortiClient and supporting directory services, it helps enforce access decisions consistently across the Fortinet ecosystem and improves visibility over which user is behind each session.
Use FortiAuthenticator as the identity service for VPN, Wi-Fi and network device logins, where it provides RADIUS and LDAP authentication backed by existing Active Directory or LDAP directories. This makes it a practical fit for organisations that need a central authentication layer for remote access and infrastructure login workflows across Fortinet-secured and third-party environments.
Apply FortiAuthenticator where stronger user and device verification is needed, using its certificate services to issue and manage certificates for authentication workflows. This is suited to environments that want certificate-based access for users, administrators or endpoints, because FortiAuthenticator brings certificate handling into the same identity platform as MFA, SSO and directory-integrated authentication.
Use FortiAuthenticator to centrally assign, validate and manage FortiToken and other MFA factors for access control across Fortinet and third-party environments. It fits this use case because it combines identity services with token and MFA workflow support, helping security teams enforce stronger login verification for remote access, administrative access and sensitive business systems.
Use FortiAuthenticator to manage temporary access for guests and contractors without placing them into core directory structures, while still applying controlled authentication and identity services. This supports secure onboarding and offboarding for short-term users, giving organisations a cleaner way to grant limited access to network resources through the same central identity platform used for broader access control.
FortiAuthenticator provides RADIUS, LDAP, SAML, certificate and token services for user, administrator and remote access authentication.
Integrates with FortiGate to share user identity, centralise access control and support Fortinet single sign-on across security policies.
Connects with FortiClient, FortiToken and FortiManager to manage MFA, remote access and administrative authentication in one identity service.
Supports Active Directory and LDAP integration to use existing directory accounts for centralised authentication and access control.
Provides RADIUS and LDAP identity services for VPNs, wireless networks, switches and firewalls without creating separate authentication silos.
Manages certificate-based authentication, token assignment and temporary guest or contractor identities for controlled, auditable access.
FortiAuthenticator hardware appliances are licensed by managed users, with fixed base capacity on FAC-200F, FAC-400F, FAC-1000F, FAC-3000F and FAC-3700F models, plus uplift SKUs for additional named users.
FortiAuthenticator-VM uses a base licence with a starting user capacity and stackable expansion SKUs such as FAC-VM-100, FAC-VM-1000, FAC-VM-10000 and FAC-VM-100000, subject to the documented VM ceiling.
FortiAuthenticator licensing includes RADIUS, LDAP and SAML 2.0 identity services, plus OAuth 2.0 and OIDC identity provider functions, 802.1X EAP support and the self-service user portal.
FortiAuthenticator may require separate licensing for FortiToken Mobile activations, hardware OTP tokens, certificate-managed device capacity and related token or certificate expansion needs.
FortiAuthenticator is sold as perpetual licensing with separate FortiCare support or through FortiFlex for FortiAuthenticator-VM, alongside Fortinet appliance and cloud deployment options.
Our team can help assess total named user count across integrations, peak token usage, certificate-management scope, VM versus hardware choice, capacity uplift forecast and FortiCare or FortiFlex alignment.
We help assess FortiAuthenticator requirements across user access, MFA, certificates and single sign-on so your deployment approach matches your Fortinet environment, existing identity sources and day-to-day administration needs.
Our team can assist with FortiAuthenticator installation, initial setup and policy configuration, including authentication methods, user access controls and self-service options aligned to your organisation’s operational requirements.
We support integration of FortiAuthenticator with FortiGate, FortiClient, FortiManager, Active Directory and LDAP directories to centralise identity services across VPN, wireless and remote access workflows.
We can help prepare administrators for FortiAuthenticator by aligning access processes, handover steps and support procedures for MFA, certificates, guest access and routine identity management.
Our team can assist with ongoing FortiAuthenticator support, version planning, licence alignment, renewal guidance and capacity reviews so your identity services remain aligned with changing user and token requirements.
We help review FortiAuthenticator user counts, appliance or VM capacity, and add-on needs against how identity, MFA and certificate services are being used, so the commercial position stays aligned to day-to-day access requirements.
Where relevant, we can assess FortiAuthenticator alongside FortiGate, FortiClient, FortiManager, FortiNAC and FortiFlex usage to improve visibility across the Fortinet estate and coordinate renewal timing more effectively.
Our team can assess whether a hardware appliance, FortiAuthenticator-VM or FortiAuthenticator Cloud best matches current and planned usage, including token, certificate and capacity growth, to support a more balanced investment profile.
We support proactive renewal planning by reviewing changes in named users, token usage and certificate-managed devices over time, helping keep the FortiAuthenticator commercial model in step with evolving security needs.
Successful identity and access programmes depend on sustained usage, and our team can help maximise value from FortiAuthenticator through adoption planning, usage review and lifecycle guidance that keeps the platform aligned to business priorities.
The software and technologies listed here support different requirements and are often used together as part of a wider IT stack.
As an official partner to vendors including Cisco, Juniper, HPE and Fortinet, we can help confirm which software or combination provides the capabilities your team needs, while avoiding under- or over-licensing.
Speak to our team for help matching the right solution and licence level to your requirements.