To enable Mutli Factor Authentication (MFA) with your fortinet, you can activate RADIUS authentication which is compatible with inWebo MFA solution.
With mobile or desktop authentication, you can validate the OTP that was generated by inWebo tools, via a RADIUS connection to our platform.
In order to get the whole system up and running, your company system administrator only has to:
Configure your Fortinet with RADIUS (5 to 10 min)
Create an inWebo account (2 min)
Download, install and activate one of inWebo tokens (4 min)
Configure RADIUS in your inWebo account (2 min)
Perform a test authentication (1 min)
Basically, the whole system can be up and running in 15-20 minutes.
To be noted:
Depending of your version of FortiGate, the screens and the procedure could be slightly different.
Configuring the Fortinet gateway
How to configure a new RADIUS Server
Defining the inWebo RADIUS Server
Name > Define a name for the inWebo RADIUS server authentication
Authentication method: Select Specify then PAP
IP/Name for the primary and secondary server:
Fill the indication for your inWebo RADIUS authentication servers:
Creating a firewall Group
Defining your policy
Activating RADIUS authentication for your portal
You may have to add the new RADIUS configuration to your VPN settings.
Click the “VPN” section and navigate to “VPN SSL Settings”.
Create a new or edit an existing VPN settings and grant access to the Firewall group you just created in the previous step in the “Authentication / Portal Mapping”
You need to increase the Fortinet timeout value (5 seconds by default are not enough for MFA authentication). It can be changed from the command line interface (CLI).
We advise you to configure a timeout with at least 28 seconds.
Connect to the appliance CLI and use the following commands:
config system global
set remoteauthtimeout 28
Configuring the inWebo service
Please note that "any creation or modification to the configuration of your RADIUS connector will be applied within the hour".
Log in to the inWebo administration console https://www.myinwebo.com/console
Navigate to the Secure site tab
Add a RADIUS Push connector in the Connectors section
Fill in the parameters as shown below:
Please note that "any modification to the configuration of your RADIUS connector will be applied at the beginning of each hour".
To perform a real test, you must create at least a user in your inWebo administration console (Service Users tab) and activate a mobile and/or desktop token for this user.
When you enter the login and one random character in the password field, you will receive an automatic push on your mobile and/or desktop token.