Fortinet FortiGate SSL/IPsec VPN Multi-factor Authentication (MFA/2FA)

LoginTC adds multi-factor authentication to Fortinet FortiGate VPN and SSL VPN using the RADIUS protocol. After integration, every user login is challenged with a second factor of authentication, such as push, FIDO2, or one-time-passcode, before the VPN tunnel is established. LoginTC works with existing FortiGate user groups, including LDAP and Active Directory-backed users, and supports both administrator login MFA and end-user VPN MFA.

Direct integration with Active Directory means you can still leverage passwords as a first factor. Users can also be synchronized from Active Directory for a streamlined rollout.

Enable LoginTC with Fortinet FortiGate SSL/IPsec VPN to add multi-factor authentication (MFA) to your remote access deployment and keep your organization secure.

Video Walkthrough

 
LoginTC can be added to Fortinet FortiGate end to end in just over ten minutes.
 
Follow along the guided tutorial and raise your organization’s cyber security posture.
 
Watch the video

Frequently Asked Questions

How do I add MFA to FortiGate?

Install the LoginTC RADIUS connector and configure the FortiGate to authenticate against it. Every SSL VPN, IPsec, or admin login will then be challenged with a second factor (push, FIDO2, or one-time passcode) before access is granted.

Can a user use one token to login to every application?

Yes, a single LoginTC authentication token can be used to login to all your connected applications and services.

What authentication methods can I use to login?

You can use any of our LoginTC authentication methods, including:
 
Software OTP
Hardware OTP
Push Authentication
Desktop Authentication
SMS Passcode
Email Passcode
Phone Call
FIDO2 Token
Passcode Grid
QR Scan
Push Number Matching
Bypass Code
 
Contact us to discuss which authentication method might work best for your organization.

Does MFA get bypassed if the service can’t be reached?

No, LoginTC MFA cannot be bypassed.

Can I control who gets challenged with MFA?

Yes, you can control who gets challenged with static username lists, or Active Directory group membership.

Is this compatible with all Fortinet VPNs?

Yes, this is compatible with all RADIUS-speaking Fortinet VPNs.

Simple for end users

Easy Deployment Process

Utilize existing devices

Standardized for compliance

Trusted Worldwide

65+

Countries Served

10K+

Use Cases

2013

Year Released

Start your free trial today. No credit card required.

Sign up and Go