Windows Login with 2FA - FortiAuthenticator
- Published: Jul 24, 2024
- In this video, we go over how to configure FortiAuthenticator Windows Agent with FortiAuthenticator to enable 2FA on a Windows login prompt
0:00 FAC Agent Install/Initial Config/Testing
3:14 Simulation/Testing
5:45 Exempt users/Testing
7:42 Change Title Image
8:52 Default Domain
9:05 Login Prompt Testing
9:57 Disable Built-In Password Providers
Crisp n clear, Thanks for your efforts and time
Amazing tutorial! Thanks for the content!
Hey! Great video! One question, the option to disable "Built-in password provider" does this affect other parts of the OS that might use basic auth/windows credentials or only specifically the windows logon?
It will only be specific to Windows login
Have you tested, or do you have any experience with, the offline mode? We have laptops that employees use for WFH and are wondering how that goes.
I've tested it just now, my steps were:
1) Configure offline token between agent + FAC, then successfully log in with "testuser2"
2) Log out; now when I type in the username with exactly this syntax "testuser2", it shows a timestamp 7 days from today.
3) Now I turn off the FAC, and I can still successfully login with my token like normally (except push doesn't work, but that's expected because FAC is down, so manually type 6 digit code). I assume if I wait for 7 days then it will fail the login.
Seems like a realistic option in theory, if you ensure that users can access FAC internally and publicly (i.e. if you only have FAC accessible internally then if someone does WFH for more than 10 days then offline token will stop working). Just need to make sure timestamps are accurate between machine and FAC. Probably would be something to run for a few weeks on a few willing participants' machines, especially since this affects a user's Windows login.
SAML might be a good consideration/alternative because it's post login, but caveat is it requires every app that you want to integrate with it to have SAML SP support. It seems a bit cleaner to me though because it doesn't affect login.
Hello, thanks for your very detailed video. I just have a new FAC setup but got an issue with the FAC offline token. Do you have any tips for troubleshooting it?
Thanks!
Hi, you can check Logging > Log Access > Logs and see if anything shows up while you test. Also try to check that your Windows computer has the same timestamp as the FortiAuthenticator system time.
Hi, I have a question: how can we authenticate a non-domain Windows machine with an AD user using the FortiAuthenticator Agent?
Not sure as I have not tested that scenario, feel free to try and let us know! Thx!
How do I associate an account with a FortiToken? Do I need to create it in FortiAuth? What do I need to do? I need to create 2FA for a client that is in a Windows Active Directory domain, so that after successfully entering username and password, he is asked to enter the OTP password... How can I do that from scratch?
Take a look at this video ruclips.net/video/JFoPXaT3ME0/видео.html
Probably best to get comfortable with the Active Directory User + FortiToken association portion of the video I've linked above, then move on to the Windows Login portion.